Unrated severityNVD Advisory· Published Dec 31, 2002· Updated Jun 16, 2026
CVE-2002-1846
CVE-2002-1846
Description
Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a user to submit the correct password before changing it to a new password, which allows remote attackers to modify passwords by stealing the cookie of another user, modifying the expiretime setting, and submitting the change in a profile2 action to index.php.
Affected products
3- Range: 1.40, 1.41
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.