1.5.5B

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

yabb

exploit available

NVD

Published: 2004-11-23

Updated: 2016-10-18

Summary

Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. (dot dot) in the attachOld parameter.

Vulnerable Configurations

Part	Description	Count
Application	Yabb Yabb Yabb 1.5.5 Yabb Yabb 1.5.5B	2

Exploit-Db

description	YaBB SE 1.5.x Arbitrary File Deletion. CVE-2004-0344. Webapps exploit for php platform
id	EDB-ID:23774
last seen	2016-02-02
modified	2004-03-01
published	2004-03-01
reporter	Alnitak and BackSpace
source	https://www.exploit-db.com/download/23774/
title	YaBB SE 1.5.x - Arbitrary File Deletion

References

http://marc.info/?l=bugtraq&m=107816202813083&w=2
http://www.securityfocus.com/bid/9774