Description
Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. (dot dot) in the attachOld parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Alnitak & BackSpace · textwebappsphp
https://www.exploit-db.com/exploits/23774
References (2)
Core 2
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107816202813083&w=2
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9774
Scores
EPSS
0.0286
EPSS Percentile
86.4%
Details
Status
published
Products (2)
yabb/yabb
1.5.5
yabb/yabb
1.5.5b
Published
Nov 23, 2004
Tracked Since
Feb 18, 2026