Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: CGI abuses --> Category: infos

YaBB SE Command Execution Vulnerability Scan

Vulnerability Scan Summary
Determine if YaBB SE can be used to execute arbitrary commands

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP application that is affected by
multiple vulnerabilities.

Description :

The remote host is using the YaBB SE forum management system.

According to its version number, this forum is vulnerable to a code
injection bug that may allow an attacker with a valid account to
execute arbitrary commands on this host by sending a malformed
'language' parameter in the web request.

In addition to this flaw, this version is vulnerable to other flaws
such as SQL injection.

See also :


Solution :

Upgrade to YaBB SE 1.5.2 or later.

Threat Level:

Medium / CVSS Base Score : 4
