CVE-2007-3208

Critical

Description

CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via requests to (1) register.pl or (2) profile.pl that write CRLF sequences to a .vars file. NOTE: this can be leveraged to execute arbitrary code.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/34848

http://www.yabbforum.com/community/?board=general%3Baction=display%3Bnum=1181678785

http://www.securitytracker.com/id?1018236

http://www.securityfocus.com/bid/24455

http://secunia.com/advisories/25656

http://osvdb.org/37237

http://osvdb.org/37236

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=538

Details

Source: Mitre, NVD

Published: 2007-06-14

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical