Vulnerabilities > Yabb > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-11 | CVE-2013-2057 | Unrestricted Upload of File with Dangerous Type vulnerability in Yabb 2.5.2 YaBB through 2.5.2: 'guestlanguage' Cookie Parameter Local File Include Vulnerability | 7.5 |
| 2006-06-28 | CVE-2006-3275 | SQL Injection vulnerability in Yabb 1.5.1/1.5.2/1.5.4 SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlier allows remote attackers to execute SQL commands via a double-encoded user parameter in a viewprofile action. | 7.5 |
| 2004-12-31 | CVE-2004-2754 | SQL Injection vulnerability in Yabb SE SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions. | 7.5 |
| 2002-10-04 | CVE-2002-0955 | Cross-Site Scripting vulnerability in Yabb 1Goldsp1 Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulletin Board (YaBB) 1 Gold SP1 and earlier allows remote attackers to execute arbitrary script as other web site visitors via script in the num parameter, which is not filtered in the resulting error message. | 7.5 |
| 2002-03-25 | CVE-2002-0117 | Unspecified vulnerability in Yabb Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag. | 7.5 |
| 2001-01-09 | CVE-2000-1176 | Unspecified vulnerability in Yabb 20000911 Directory traversal vulnerability in YaBB search.pl CGI script allows remote attackers to read arbitrary files via a .. | 7.5 |