Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Yabb | Yabb | 1.40 (including) | 1.40 (including) |
Yabb | Yabb | 1.41 (including) | 1.41 (including) |
Yabb | Yabb | 1_gold_-_sp_1 (including) | 1_gold_-_sp_1 (including) |
Yabb | Yabb | 1_gold_-_sp_1.2 (including) | 1_gold_-_sp_1.2 (including) |
Yabb | Yabb | 1_gold_-_sp_1.3 (including) | 1_gold_-_sp_1.3 (including) |
Yabb | Yabb | 1_gold_-_sp_1.3.1 (including) | 1_gold_-_sp_1.3.1 (including) |
Yabb | Yabb | 1_gold_-_sp_1.3.2 (including) | 1_gold_-_sp_1.3.2 (including) |
Yabb | Yabb | 1_gold_release (including) | 1_gold_release (including) |
Yabb | Yabb | 2000-09-01 (including) | 2000-09-01 (including) |
Yabb | Yabb | 2000-09-11 (including) | 2000-09-11 (including) |