Back to search
CVE-2002-1846
Published: Jun 28, 2005
Modified: Sep 16, 2024
PUBLISHED
Description
Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a user to submit the correct password before changing it to a new password, which allows remote attackers to modify passwords by stealing the cookie of another user, modifying the expiretime setting, and submitting the change in a profile2 action to index.php.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20021018 New Vulnerability on YaBB 1.4.0 and YaBB 1.4.1 forums
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now