CVE Vulnerabilities

CVE-2004-2403

Published: Dec 31, 2004 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters.

Affected Software

Name Vendor Start Version End Version
Yabb Yabb 2000-09-11 2000-09-11
Yabb Yabb 1.40 1.40
Yabb Yabb 1_gold_-_sp_1 1_gold_-_sp_1
Yabb Yabb 1_gold_-_sp_1.3.2 1_gold_-_sp_1.3.2
Yabb Yabb 1_gold_-_sp_1.3 1_gold_-_sp_1.3
Yabb Yabb 2000-09-01 2000-09-01
Yabb Yabb 1_gold_-_sp_1.2 1_gold_-_sp_1.2
Yabb Yabb 1.41 1.41
Yabb Yabb 1_gold_release 1_gold_release
Yabb Yabb 1_gold_-_sp_1.3.1 1_gold_-_sp_1.3.1

References