• info
• discussion
• exploit
• solution
• references

YaBB search.pl Arbitrary Command Execution Vulnerability

Solution:
This issue has been addressed in the latest release of YaBB:


YaBB YaBB 9.11.2000

• YaBB Y1Gold_Release_cgi
  .cgi Version
  http://yabb.xnull.com/downloads.php?file=./downloads/Y1Gold_Release_cg i.zip


• YaBB Y1Gold_Release_pl
  .pl Version
  http://yabb.xnull.com/downloads.php?file=./downloads/Y1Gold_Release_pl .zip