• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

YaBB Administrator Command Execution Vulnerability

It is reported that YaBB is affected by an administrator command execution vulnerability. This issue is due to a failure of the application to properly validate access to administrative commands.

This issue permits a remote attacker to create a malicious URI link or embed a malicious URI between IMG tags, which includes hostile YaBB administrative commands. If an unsuspecting forum administrator views a post that contains this IMG tag, they will inadvertently activate the malicious URI, the attacker-supplied command is carried out with the administrator's privileges.