Family: CGI abuses --> Category: infos
YaBB SE Command Execution Vulnerability Scan
Vulnerability Scan Summary
Determine if YaBB SE can be used to execute arbitrary commands
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP application that is affected by
The remote host is using the YaBB SE forum management system.
According to its version number, this forum is vulnerable to a code
injection bug which may allow a possible hacker with a valid account to
execute arbitrary commands on this host by sending a malformed
'language' parameter in the web request.
In addition to this flaw, this version is vulnerable to other flaws
such as SQL injection.
See also :
Upgrade to YaBB SE 1.5.2 or later.
Medium / CVSS Base Score : 4
Click HERE for more information and discussions on this network vulnerability scan.