CVE-2004-0344
YaBB SE 1.5.4-1.5.5b - Unauthenticated Directory Traversal via ModifyMessage.php attachOld Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2004-0344. PoCs published by Alnitak & BackSpace.
AI-analyzed exploit summary: The provided text describes SQL injection and directory traversal vulnerabilities in YaBB SE versions 1.5.4, 1.5.5, and 1.5.5b. It includes an example URL demonstrating an SQL injection attack via the 'postid' parameter.
Description
Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. (dot dot) in the attachOld parameter.