YaBB SE SQL Injection Vulnerability
By: Accidutzu
Monday the 26th, January 2004 at 04:42 PM (CST)

YaBB SE is a PHP/MySQL port of an older Perl-based forum package. An SQL injection vulnerability allows a remote attacker to execute malicious SQL statements on the database.

The file SSI.php has a number of functions that return information about the status of the forum (statistics). The functions 'welcome' and 'recentTopics' are vulnerable to SQL injection because the ID_MEMBER parameter is not properly checked.
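
The pattern described above, an unchecked ID_MEMBER value reaching a query, shown next to a hardened form. This is an added example, not YaBB SE code: the `members` table, its columns, and the `welcome_unsafe` / `welcome_safe` functions are hypothetical, and an in-memory SQLite database stands in for the forum's MySQL backend.

```php
<?php
// Added illustration; not YaBB SE source. The members table and its columns
// are hypothetical, and SQLite in memory stands in for the forum's MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (ID_MEMBER INTEGER PRIMARY KEY, realName TEXT)');
$db->exec("INSERT INTO members VALUES (1, 'alice'), (2, 'bob')");

// Vulnerable pattern: the request value is pasted into the statement, so any
// SQL it carries is parsed as part of the query.
function welcome_unsafe(PDO $db, string $idMember): array
{
    $sql = "SELECT realName FROM members WHERE ID_MEMBER = $idMember";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: accept only a positive decimal integer, then bind it so
// the value can never be interpreted as SQL.
function welcome_safe(PDO $db, string $idMember): array
{
    $id = filter_var($idMember, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];              // reject instead of guessing what was meant
    }
    $stmt = $db->prepare('SELECT realName FROM members WHERE ID_MEMBER = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: one well-formed id and one value carrying extra SQL.
foreach (['2', '2 OR 1=1'] as $input) {
    printf("%-10s unsafe=%s safe=%s\n", $input,
        json_encode(welcome_unsafe($db, $input)),
        json_encode(welcome_safe($db, $input)));
}
```

With the second input the concatenating function returns every member row, while the validating function returns an empty result.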

An exploit is available, but the YaBB SE team has released a patch. You should upgrade to 1.5.5 to be safe.

This is probably the last version of this forum. The team has started working on a new forum package called SMF.

You can find the patch on the YaBB SE website: http://www.yabbse.org/


  