Freedom The Open Source Way Contribute Articles or News to OSForgeOSForge HomeLogout from Forums
Contacting OSForgeOSForge HomeAbout OSForge
  

Root
 Contribute News
 Learning Corner
 Linux Distributions
 Linux Common FAQ's
 Discussion Forums
Community Gallery
Links Directory
Search OSForge
Networking
 Industry Updates
 Linux & Open Source
 Opinions
 Press Release
 Programming
 Security
 Web Development
White Paper
DAKCS Software Systems Introduces Innovative Customer Training Program
Zarafa and ClearCenter Announce ClearOS Integration
Zarafa Brings Browser-Based Enterprise Collaboration Client to CeBIT
Zarafa Catalyses Software Development Collaboration by Launching git.zarafa.com
Zarafa and LPI Partner on Training and Certification Program
Likewise to Grow Seattle-Area Workforce
Likewise CTO: Unleash and Secure Unstructured Data
Likewise Names Leading Open Source Voice as CTO
Launched: Zarafa Collaboration Platform 7.0 and Zarafa Archiver

View More »

Yabb SE SQL Injection Vulnerability
By : Accidutzu [www] Find more article by Accidutzu on Securit
Monday the 26th, January 2004 at 04:42 PM (EST)
Send this Story to a Friend Readers TalkBack (0) - 3264 Reads

Printer Friendly Page Printable format
Send this Story to a Friend Foward to Email

YaBB SE is a PHP/MySQL port of a older forum software based on Perl. An SQL injection vulnerability allows a remote attacker to execute malicious SQL statements on the database remotely.

The file SSI.php has a number of functions to return information about the status of the forum (statistics). Functions 'welcome' and 'recentTopics' are vulnerable to SQL injection because the parameter ID_MEMBER is not properly checked.

An exploit is available but the YaBB SE team relased a patch. You should upgrade to 1.5.5 to be safe.

This is probably the last version of this forum. The team start working on a new forum software called SMF.

You can find the patch on YaBB SE website: http://www.yabbse.org/


  
Reader Rating from 1-5

 

Poor very 
1
2
3
4
5 		 very Excellent

Talkback

Post Your Talkback | View All Talkback (0 Posted)

 Currently there are no Talkback posted on "Yabb SE SQL Injection Vulnerability", Click here to be the first to post a talkback.

 
Scroll Up

   About | Term of Use | Privacy | Contact us | Tell a Friend | Advertise  

 OSForge News RSS Feed