CVE-2007-3295

YaBB 2.1 and earlier suffer a directory traversal vulnerability where remote authenticated users can execute arbitrary Perl code by manipulating the userlanguage profile setting; the userlanguage key is propagated to language variables across multiple YaBB scripts (HelpCentre.pl, ICQPager.pl, Sub...