Vulnerability: Yabb
Affected: Yabb
Description:
Kosak found the following. There is an input validation problem with the 'catsearch' field, which gets interpolated into an open statement:

    open(FILE, "$boardsdir/$cattosearch") || &fatal_error("$txt{'23'} $currentboard.txt");

where $cattosearch is a localized copy of $catsearch, which is assigned straight from the form without any checking:

    $catsearch = $FORM{'catsearch'};

Because this is Perl's two-argument open(), a value ending in '|' is not opened as a file but run as a shell command, and a leading chain of '../' walks out of $boardsdir. An attacker could easily create a malicious HTML form with a catsearch such as:

    ./../../../../../usr/bin/touch%20/tmp/foo|

The amount of directory traversal needed will vary from site to site, depending on the YaBB setup.
Solution:
Nothing yet.
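The following is an added example, not code from the advisory or from YaBB itself. It shows the two-argument open() from the advisory next to a hardened version, and runs the advisory's payload against both (with /bin/echo standing in for /usr/bin/touch so nothing is written). The variable names $boardsdir and $cattosearch follow the advisory; the "<name>.txt" file layout, the whitelist pattern, the throwaway board directory and the Unix host with /bin/echo are assumptions made for this demo.

```perl
#!/usr/bin/perl
# Added example, not YaBB's own code: the two-argument open from the
# advisory beside a hardened version. $boardsdir and $cattosearch follow
# the advisory; the "<name>.txt" layout and the whitelist are assumptions.
use strict;
use warnings;
use File::Temp qw(tempdir);

# Constructed fixture: a throwaway $boardsdir holding one category file.
my $boardsdir = tempdir(CLEANUP => 1);
open(my $seed, '>', "$boardsdir/General.txt") or die "seed: $!";
print $seed "General board description\n";
close($seed);

# Mirrors the advisory: two-argument open with the user value interpolated.
# Perl runs a two-argument open whose name ends in '|' as a shell command,
# and the leading '../' chain walks out of $boardsdir, so the attacker
# chooses what gets executed.
sub read_category_vulnerable {
    my ($cattosearch) = @_;
    open(FILE, "$boardsdir/$cattosearch") or return undef;
    my @lines = <FILE>;
    close(FILE);
    return \@lines;
}

# Hardened: accept only a plain board name, build the path ourselves, and
# use three-argument open so the mode is fixed to '<' and the name can
# never be read as a pipe or a redirection.
sub valid_board_name {
    my ($name) = @_;
    return (defined($name) && $name =~ /\A[A-Za-z0-9_-]{1,64}\z/) ? 1 : 0;
}

sub read_category_safe {
    my ($cattosearch) = @_;
    return undef unless valid_board_name($cattosearch);
    open(my $fh, '<', "$boardsdir/$cattosearch.txt") or return undef;
    my @lines = <$fh>;
    close($fh);
    return \@lines;
}

# The advisory's payload after CGI URL-decoding (%20 becomes a space), with
# /bin/echo in place of /usr/bin/touch. As the advisory notes, the number
# of '../' needed depends on where $boardsdir sits; a long chain is used
# here because extra '..' above '/' are harmless.
my $payload = "./" . ("../" x 12) . "bin/echo injected|";

my $got = read_category_vulnerable($payload);
print "vulnerable open returned: ", ($got ? join('', @$got) : "undef\n");
# On a Unix host this prints "injected": the shell ran /bin/echo and its
# stdout was read as if it were the category file.

$got = read_category_safe($payload);
print "hardened open returned: ", (defined $got ? join('', @$got) : "undef (rejected)\n");

$got = read_category_safe("General");
print "hardened open on a real board: ", join('', @$got);
```

The whitelist alone stops this particular payload, but the three-argument open is what removes the class of bug: with an explicit '<' mode Perl never looks at the filename for '|', '>' or leading/trailing whitespace, so a future caller that forgets to validate still cannot turn a file read into a command.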