Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 up to and including 1.5.5b allows remote malicious users to delete arbitrary files via a .. (dot dot) in the attachOld parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
yabb yabb 1.5.5b |
||
yabb yabb 1.5.5 |