A vulnerability has been discovered in YaBB SE. Due to insufficient sanitization of some user-supplied variables by the 'News.php' script, it is possible for a remote attacker to include a malicious PHP file in a URL. By placing a script on an attacker-controlled host and mimicking the name and directory structure of the server, it is possible to cause a vulnerable server to include the attacker-supplied PHP script file.
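For defenders reviewing web server logs, the following added example (not part of the original advisory and not YaBB SE code) flags requests to 'News.php' in which a query parameter carries a remote URL, which is the request shape the inclusion described above depends on. The parameter name `example_dir`, the `/forum/` path and the log lines are constructed for illustration; the advisory does not name the affected variables.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# URL wrappers that PHP's include() can resolve to non-local content.
REMOTE_SCHEME = re.compile(r"^\s*(?:(?:https?|ftps?|php|expect)://|data:)", re.I)
# Request field of a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; 'example_dir' is a hypothetical parameter name.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2003:10:00:00 +0000] "GET /forum/News.php?example_dir=http://host.example/ HTTP/1.0" 200 512',
    '203.0.113.7 - - [01/Jan/2003:10:00:05 +0000] "GET /forum/News.php?example_dir=http%253A%252F%252Fhost.example%252F HTTP/1.0" 200 512',
    '198.51.100.4 - - [01/Jan/2003:10:01:00 +0000] "GET /forum/News.php?limit=5 HTTP/1.0" 200 2048',
    '198.51.100.4 - - [01/Jan/2003:10:02:00 +0000] "GET /forum/index.php?ref=http://host.example/ HTTP/1.0" 200 2048',
]

def remote_include_params(log_line, script="news.php"):
    """Return [(param, value)] for parameters of `script` whose value is a URL."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    target = urlsplit(m.group(1))
    if not target.path.lower().endswith("/" + script):
        return []
    hits = []
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded values.
        decoded = unquote(value)
        if REMOTE_SCHEME.match(decoded):
            hits.append((name, decoded))
    return hits

def scan(lines):
    """Return [(line_number, hits)] for every line with at least one hit."""
    results = []
    for number, line in enumerate(lines, start=1):
        hits = remote_include_params(line)
        if hits:
            results.append((number, hits))
    return results

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: URL-valued parameter(s) {hits}")
```

A hit only shows that a URL was supplied to the script; whether the server fetched it depends on the installed version and on PHP settings such as `allow_url_fopen`.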