CVE-2013-2057

9.8 CRITICAL

📋 TL;DR

YaBB builds the path of the language files it loads from the value of the 'guestlanguage' cookie without validating it, so a cookie value containing '..' sequences makes the forum's Perl code include local files (local file inclusion), which can lead to remote code execution. It affects all YaBB installations through version 2.5.2. Every visitor sends this cookie, so no authentication is required to exploit it.

💻 Affected Systems

Products:
  • YaBB (Yet another Bulletin Board)
Versions: All versions through 2.5.2
Operating Systems: All platforms running YaBB
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable. No special configuration required for exploitation.

📦 What is this software?

YaBB (Yet another Bulletin Board) is a free, open-source forum package written in Perl and run as a CGI script on the web server. The board can be served in several languages; for guests the selected language is remembered in the guestlanguage cookie, which is the value this vulnerability abuses.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, and installation of persistent backdoors.

🟠

Likely Case

Local file inclusion allowing sensitive file disclosure (configuration files, passwords) and potential code execution.

🟢

If Mitigated

Limited impact with proper input validation and file inclusion restrictions in place.

🌐 Internet-Facing: HIGH - Exploitable remotely without authentication via HTTP cookie manipulation.
🏢 Internal Only: MEDIUM - Still exploitable by internal attackers or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple cookie manipulation required. Public exploit code and details available in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: YaBB 2.5.3 and later

Vendor Advisory: http://www.yabbforum.com/community/index.php?topic=316.0

Restart Required: No

Instructions:

1. Download YaBB 2.5.3 or later from the official source.
2. Back up the current installation.
3. Replace the vulnerable files with the patched versions.
4. Verify the installation works correctly.

🔧 Temporary Workarounds

Input Validation Filter

Platform: all

Add input validation for the guestlanguage cookie so that its value is compared against the set of installed language packs and any other value falls back to the default language.

Modify the YaBB source to accept guestlanguage only when it matches an allowed value. An allowlist removes the traversal entirely, whereas stripping '../' out of the value can be bypassed by encodings the filter does not expect.
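The allowlist workaround above, modelled as an added Python example (this is not YaBB's own Perl code; the language directory, the installed pack names and the way the path is built are assumptions chosen to mirror an unchecked string interpolation into a file path):

```python
import posixpath

# Assumed installation layout for the example; real YaBB paths differ.
LANG_DIR = "/var/www/yabb/Languages"
# Allowlist: names of the language packs actually installed (assumed).
ALLOWED_LANGUAGES = frozenset({"English", "German", "French"})
DEFAULT_LANGUAGE = "English"


def vulnerable_include_path(guestlanguage: str) -> str:
    """Vulnerable pattern: the raw cookie value is interpolated into the path,
    the way an unchecked Perl string interpolation into an include would be.
    The file name the real code appends is left off; the escape from
    LANG_DIR is the point."""
    return posixpath.normpath(f"{LANG_DIR}/{guestlanguage}")


def hardened_language(guestlanguage: str) -> str:
    """Allowlist check: any value that is not an installed pack falls back
    to the default instead of ever reaching the file system."""
    if guestlanguage in ALLOWED_LANGUAGES:
        return guestlanguage
    return DEFAULT_LANGUAGE


def hardened_include_path(guestlanguage: str) -> str:
    """Same include, but the path is built only from an allowlisted name."""
    return posixpath.join(LANG_DIR, hardened_language(guestlanguage))


def escapes_language_dir(path: str) -> bool:
    """True when the (already normalised) path lies outside LANG_DIR."""
    return posixpath.commonpath([LANG_DIR, path]) != LANG_DIR


if __name__ == "__main__":
    # Constructed cookie values: one legitimate, one traversal payload.
    for value in ("English", "../../../../etc/passwd"):
        bad = vulnerable_include_path(value)
        good = hardened_include_path(value)
        print(f"{value!r:28} vulnerable -> {bad:32} escapes={escapes_language_dir(bad)}")
        print(f"{'':28} hardened   -> {good:32} escapes={escapes_language_dir(good)}")
```

The vulnerable function shows the '..' segments resolving to a path outside the language directory. The hardened one never builds a path from the cookie value at all; it only uses the value to pick one of the known names, so there is nothing left for a traversal or encoding trick to reach.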

Web Application Firewall Rule

Platform: all

Block requests whose Cookie header carries directory traversal sequences in the guestlanguage value.

Add a WAF rule that rejects cookies containing '../' or '..\' and their percent-encoded forms (such as %2e%2e%2f and ..%2f). This is a stopgap only: pattern-based blocking catches the encodings listed in the rule, not the missing validation underneath.

🧯 If You Can't Patch

  • Implement strict input validation for all cookie parameters
  • Restrict file inclusion to specific allowed directories only

🔍 How to Verify

Check if Vulnerable:

Check YaBB version in admin panel or by examining source files. Versions 2.5.2 and earlier are vulnerable.

Check Version:

Check YaBB/version.txt or admin panel version display

Verify Fix Applied:

Verify the version is 2.5.3 or later. Then send a request with the guestlanguage cookie set to a traversal value such as '../../../../etc/passwd' and confirm the board answers with its default-language page rather than an error or the contents of another file.

📡 Detection & Monitoring

Log Indicators:

  • guestlanguage cookie values containing '../' or '..\', including percent-encoded forms, or any value that is not the name of an installed language pack
  • Repeated requests from one client that vary the number of '../' segments (probing for the right traversal depth), often accompanied by Perl errors in the web server's error log about files that could not be opened
  • Forum responses that carry the contents of system or configuration files instead of forum pages

Network Indicators:

  • HTTP requests with manipulated guestlanguage cookie values
  • Traffic patterns showing directory traversal attempts

SIEM Query:

web_cookie:*guestlanguage* AND (web_cookie:*../* OR web_cookie:*..\* OR web_cookie:*%2e%2e* OR web_cookie:*..%2f*)

The wildcard terms only catch the encodings listed; percent-decode the cookie field before matching where the platform allows it, or alert on any guestlanguage value that is not one of the installed language-pack names.
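The log indicators and SIEM query above, run as detection logic over sample log lines (an added example, not from the original page; the access-log format with a quoted Cookie header and the sample entries are constructed for the example, and the pattern for a legitimate language-pack name is an assumption):

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Constructed sample log lines (not real traffic). The format is assumed: an
# access log extended with the request's Cookie header, logged in quotes.
SAMPLE_LOG = """\
203.0.113.10 - - [07/May/2013:10:01:02 +0000] "GET /cgi-bin/yabb2/YaBB.pl HTTP/1.1" 200 5120 cookie="guestlanguage=English; YaBBsession=abc"
203.0.113.11 - - [07/May/2013:10:01:09 +0000] "GET /cgi-bin/yabb2/YaBB.pl HTTP/1.1" 200 5120 cookie="guestlanguage=../../../../etc/passwd"
203.0.113.12 - - [07/May/2013:10:01:15 +0000] "GET /cgi-bin/yabb2/YaBB.pl HTTP/1.1" 200 5120 cookie="guestlanguage=..%2F..%2F..%2Fetc%2Fpasswd"
203.0.113.13 - - [07/May/2013:10:01:20 +0000] "GET /cgi-bin/yabb2/YaBB.pl HTTP/1.1" 200 5120 cookie="guestlanguage=%252e%252e%252fetc%252fpasswd"
203.0.113.14 - - [07/May/2013:10:01:31 +0000] "GET /cgi-bin/yabb2/YaBB.pl HTTP/1.1" 200 5120 cookie="guestlanguage=/etc/passwd"
203.0.113.15 - - [07/May/2013:10:01:40 +0000] "GET /cgi-bin/yabb2/YaBB.pl HTTP/1.1" 200 5120 cookie="YaBBsession=def"
"""

COOKIE_FIELD = re.compile(r'cookie="([^"]*)"')
# Assumed shape of a legitimate language-pack name: letters, digits, _ and -.
LANG_NAME = re.compile(r"^[A-Za-z0-9_-]+$")


def extract_guestlanguage(line: str) -> Optional[str]:
    """Pull the raw guestlanguage value out of the logged Cookie header."""
    match = COOKIE_FIELD.search(line)
    if not match:
        return None
    for part in match.group(1).split(";"):
        name, _, value = part.strip().partition("=")
        if name == "guestlanguage":
            return value
    return None


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so double-encoded payloads such as
    %252e%252e%252f are seen as ../ rather than slipping past a literal match."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(raw_value: str) -> Optional[str]:
    """Return a reason string if the value is suspicious, else None.
    Traversal is checked per path segment after decoding and normalising
    backslashes; anything else that is not a plain pack name is flagged too,
    which is the allowlist form of the SIEM query above."""
    decoded = fully_decode(raw_value).replace("\\", "/")
    if ".." in decoded.split("/"):
        return "traversal"
    if not LANG_NAME.match(decoded):
        return "unexpected-characters"
    return None


def scan(log_text: str) -> List[Tuple[str, str, str]]:
    """Scan log lines; return (client_ip, reason, raw_value) for each hit."""
    hits = []
    for line in log_text.splitlines():
        raw = extract_guestlanguage(line)
        if raw is None:
            continue
        reason = classify(raw)
        if reason is not None:
            hits.append((line.split(" ", 1)[0], reason, raw))
    return hits


if __name__ == "__main__":
    for ip, reason, raw in scan(SAMPLE_LOG):
        print(f"{ip:14} {reason:22} guestlanguage={raw}")
```

The literal '../' match alone would miss the single- and double-encoded lines; decoding first and then checking path segments catches them, and the allowlist fallback flags the absolute-path value even though it contains no '..' at all.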

🔗 References

  • Vendor advisory: http://www.yabbforum.com/community/index.php?topic=316.0
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2013-2057
