Vulnerabilities > Yabb > Yabb SE > High

DATE CVE VULNERABILITY TITLE RISK
2004-12-31 CVE-2004-2754 SQL Injection vulnerability in Yabb SE
SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions.
network
low complexity
yabb CWE-89
7.5