10

CVE-2007-3208

EPSS 17.12%
Published 14.06.2007 19:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via requests to (1) register.pl or (2) profile.pl that write CRLF sequences to a .vars file.  NOTE: this can be leveraged to execute arbitrary code.

Affected products Warnungen 0 Metrics 2 CWE 0 References 11

Data is provided by the National Vulnerability Database (NVD)

Yabb ≫ Yabb Version2.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	17.12%	0.947

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=538

http://osvdb.org/37236

http://osvdb.org/37237

http://secunia.com/advisories/25656

Patch

Vendor Advisory

http://www.securityfocus.com/bid/24455

Patch

http://www.securitytracker.com/id?1018236

http://www.yabbforum.com/community/?board=general%3Baction=display%3Bnum=1181678785

https://exchange.xforce.ibmcloud.com/vulnerabilities/34848

https://nvd.nist.gov/vuln/detail/CVE-2007-3208

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-3208

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-3208

EUVD