SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions prior to 1.5.5 allows remote malicious users to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
yabb yabb se 0.8 |
||
yabb yabb se 1.1.3 |
||
yabb yabb se 1.4.1 |
||
yabb yabb se 1.5.3 |
||
yabb yabb se 1.5.4 |
||
yabb yabb se 1.5.1 |
||
yabb yabb se 1.5.2 |
||
yabb yabb se 1.5.0 |
||
yabb yabb se 1.5.1_rc1 |