OpenCVE

Directory traversal vulnerability in Yet another Bulletin Board (YaBB) 2.1 and earlier allows remote authenticated users to execute arbitrary Perl code via a .. (dot dot) in the userlanguage profile setting, which sets the userlanguage key of the member hash, and is propagated to the language variable in (1) HelpCentre.pl and (2) ICQPager.pl, (3) the use_lang variable in Subs.pl, and the actlang variable in (4) Post.pl and (5) InstantMessage.pl; as demonstrated by pointing userlanguage to the English folder, modifying English/HelpCentre.lng file to contain Perl statements, and then invoking the help action in YaBB.pl.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Yabb	Yabb

Configuration 1 [-]

OR	cpe:2.3:a:yabb:yabb:2.0:::::::*
	cpe:2.3:a:yabb:yabb:2.0_rc1:::::::*
	cpe:2.3:a:yabb:yabb:2.0_rc2:::::::*
	cpe:2.3:a:yabb:yabb:2.1:::::::*

No data.

References

Link	Providers
http://osvdb.org/37238
http://secunia.com/advisories/25734
http://securityreason.com/securityalert/2818
http://www.securityfocus.com/archive/1/471733/100/0/threaded
http://www.securityfocus.com/bid/24529
https://exchange.xforce.ibmcloud.com/vulnerabilities/34932

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-06-20T21:00:00

Updated: 2024-08-07T14:14:12.962Z

Reserved: 2007-06-20T00:00:00

Link: CVE-2007-3295

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-06-20T21:30:00.000

Modified: 2024-11-21T00:32:52.910

Link: CVE-2007-3295

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-06-19T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in Yet another Bulletin Board (YaBB) 2.1 and earlier allows remote authenticated users to execute arbitrary Perl code via a .. (dot dot) in the userlanguage profile setting, which sets the userlanguage key of the member hash, and is propagated to the language variable in (1) HelpCentre.pl and (2) ICQPager.pl, (3) the use_lang variable in Subs.pl, and the actlang variable in (4) Post.pl and (5) InstantMessage.pl; as demonstrated by pointing userlanguage to the English folder, modifying English/HelpCentre.lng file to contain Perl statements, and then invoking the help action in YaBB.pl."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "24529", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24529"}, {"name": "37238", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37238"}, {"name": "yabb-multiple-language-file-include(34932)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34932"}, {"name": "25734", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25734"}, {"name": "2818", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2818"}, {"name": "20070619 Local File Include Vulnerabilities in YaBB <= 2.1(all version)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/471733/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3295", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in Yet another Bulletin Board (YaBB) 2.1 and earlier allows remote authenticated users to execute arbitrary Perl code via a .. (dot dot) in the userlanguage profile setting, which sets the userlanguage key of the member hash, and is propagated to the language variable in (1) HelpCentre.pl and (2) ICQPager.pl, (3) the use_lang variable in Subs.pl, and the actlang variable in (4) Post.pl and (5) InstantMessage.pl; as demonstrated by pointing userlanguage to the English folder, modifying English/HelpCentre.lng file to contain Perl statements, and then invoking the help action in YaBB.pl."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "24529", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24529"}, {"name": "37238", "refsource": "OSVDB", "url": "http://osvdb.org/37238"}, {"name": "yabb-multiple-language-file-include(34932)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34932"}, {"name": "25734", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25734"}, {"name": "2818", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2818"}, {"name": "20070619 Local File Include Vulnerabilities in YaBB <= 2.1(all version)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/471733/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:14:12.962Z"}, "title": "CVE Program Container", "references": [{"name": "24529", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24529"}, {"name": "37238", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37238"}, {"name": "yabb-multiple-language-file-include(34932)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34932"}, {"name": "25734", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25734"}, {"name": "2818", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2818"}, {"name": "20070619 Local File Include Vulnerabilities in YaBB <= 2.1(all version)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/471733/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3295", "datePublished": "2007-06-20T21:00:00", "dateReserved": "2007-06-20T00:00:00", "dateUpdated": "2024-08-07T14:14:12.962Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:yabb:yabb:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A202178F-3791-42EB-A530-3EC02B2A15CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:yabb:yabb:2.0_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "70BC5B30-B6D7-4694-9DFB-7F96528C5855", "vulnerable": true}, {"criteria": "cpe:2.3:a:yabb:yabb:2.0_rc2:*:*:*:*:*:*:*", "matchCriteriaId": "E0607CB0-EACE-40A8-9992-E645084C2B9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:yabb:yabb:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "9279B5DA-9534-43BB-BAEB-C3FFFE4CFA35", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in Yet another Bulletin Board (YaBB) 2.1 and earlier allows remote authenticated users to execute arbitrary Perl code via a .. (dot dot) in the userlanguage profile setting, which sets the userlanguage key of the member hash, and is propagated to the language variable in (1) HelpCentre.pl and (2) ICQPager.pl, (3) the use_lang variable in Subs.pl, and the actlang variable in (4) Post.pl and (5) InstantMessage.pl; as demonstrated by pointing userlanguage to the English folder, modifying English/HelpCentre.lng file to contain Perl statements, and then invoking the help action in YaBB.pl."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en Yet another Bulletin Board (YaBB) 2.1 y anteriores permite a usuarios remotos autenticados ejecutar c\u00f3digo perl de su elecci\u00f3n mediante una secuencia .. (punto punto) en la configuraci\u00f3n de lenguaje del perfil del usuario, el cual establece la clave userlanguage del hash del miembro, y es propagada a la variable language en (1) HelpCentre.pl y (2) ICQPager.pl, (3) la variable use_lang en Subs.pl, y la variable actlang en (4) Post.pl y (5) InstantMessage.pl; como ha sido demostrado indicando el lenguaje de usuario en la carpeta English, modificando el fichero English/HelpCentre.lng que contiene sentencias Perl, y entonces invocando la acci\u00f3n help en YaBB.pl."}], "id": "CVE-2007-3295", "lastModified": "2024-11-21T00:32:52.910", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-06-20T21:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/37238"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25734"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2818"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/471733/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24529"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34932"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37238"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25734"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2818"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/471733/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/24529"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34932"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}