1.5.4

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

yabb

NVD

Published: 2006-06-28

Updated: 2017-07-20

Summary

SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlier allows remote attackers to execute SQL commands via a double-encoded user parameter in a viewprofile action.

Vulnerable Configurations

Part	Description	Count
Application	Yabb Yabb Yabb 1.5.1 Yabb Yabb 1.5.2 Yabb Yabb 1.5.4 Yabb Yabb *	4

References

http://marc.info/?l=full-disclosure&m=115102378824221&w=2
http://secunia.com/advisories/20780
http://www.securityfocus.com/bid/18625
http://www.vupen.com/english/advisories/2006/2504
https://exchange.xforce.ibmcloud.com/vulnerabilities/27331