Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 10.0
CVE Id CVE-2004-2403
Last Modified 05 Sep 2008 04:44:02
Published 31 Dec 2004 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2403

Summary

Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters.

Vulnerable Systems

Application

  • YaBB 1 Gold - SP 1

  • YaBB 1 Gold - SP 1.2

  • YaBB 1 Gold - SP 1.3

  • YaBB 1 Gold - SP 1.3.1

  • YaBB 1 Gold - SP 1.3.2

  • YaBB 1 Gold Release

  • YaBB 1.40

  • YaBB 1.41

  • YaBB 2000-09-01

  • YaBB 2000-09-11


References

XF - yabb-administrative-bypass(17453)

BID - 11214

OSVDB - 10243

SECUNIA - 12593

BUGTRAQ - 20040916 RE: www.proboards.com / YaBB XSS Vuln


Last Updated: 27 May 2016 10:39:28