CVE-2008-5947

YapBB 1.2 Beta 2 - Remote File Inclusion Code Execution


Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5947. PoCs published by CraCkEr.

AI-analyzed exploit summary: The provided text describes a remote file inclusion vulnerability in YapBB 1.2 Beta2 due to improper input sanitization. An attacker can exploit this by manipulating the 'cfgIncludeDirectory' parameter to include and execute arbitrary remote PHP code.

Description

PHP remote file inclusion vulnerability in include/class_yapbbcooker.php in YapBB 1.2.Beta 2 allows remote attackers to execute arbitrary PHP code via a URL in the cfgIncludeDirectory parameter.

Exploits (1)

exploitdb · WRITEUP · VERIFIED
by CraCkEr · text · webapps · php
https://www.exploit-db.com/exploits/32244

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Theoretical
Target: YapBB 1.2 Beta2
No auth needed
Prerequisites: Remote file hosting with malicious PHP code · Network access to the vulnerable YapBB instance
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30686
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.org/0808-exploits/yapbb-rfi.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44473

Scores

EPSS 0.0183
EPSS Percentile 76.0%

Details

CWE: CWE-94
Status: published
Products (1): yapbb/yapbb 1.2 beta2
Published: Jan 22, 2009
Tracked Since: Feb 18, 2026