YaBB search.pl Arbitrary Command Execution Vulnerability

YaBB search.pl Arbitrary Command Execution Vulnerability

An attacker could easily create a malicious html form with a catsearch such as:
./../../../../../usr/bin/touch%20/tmp/foo|

(excerpted from bugtraq posting by rpc <h@ckz.org>)