Woltlab · Woltlab Burning Board · CVE-2008-4627
**Name of the Vulnerable Software and Affected Versions**
WoltLab Burning Board (WBB) rGallery plugin version 1.09
**Description**
A SQL injection vulnerability allows remote attackers to execute arbitrary SQL commands via the `itemID` parameter of the "RGalleryImageWrapper" page in "index.php".
**Recommendations**
For version 1.09 of the rGallery plugin, consider restricting access to the RGalleryImageWrapper page in index.php to minimize the risk of exploitation. Avoid using the `itemID` parameter in the affected page until the issue is resolved.
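
While access to the page is being restricted, existing web server logs can be reviewed for requests that reached it with an unexpected `itemID`. The script below is an added example, not code from WoltLab or the plugin; it assumes the page is addressed as `index.php?page=RGalleryImageWrapper&itemID=<n>`, that a legitimate `itemID` is a plain decimal integer, and that logs use the combined log format.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: the page is routed as index.php?page=RGalleryImageWrapper&itemID=<n>
# and a legitimate itemID is a plain decimal integer.
PAGE = "rgalleryimagewrapper"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INT_RE = re.compile(r"[0-9]{1,10}")

def classify(target):
    """Return None (not the affected page), 'ok' or 'suspicious'."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("index.php"):
        return None
    query = parse_qs(parts.query, keep_blank_values=True)  # also URL-decodes
    if PAGE not in [p.lower() for p in query.get("page", [])]:
        return None
    ids = query.get("itemID", [])
    # Exactly one value made only of digits; anything else needs review.
    if len(ids) == 1 and INT_RE.fullmatch(ids[0]):
        return "ok"
    return "suspicious"

def scan(lines):
    """Return 1-based numbers of log lines that hit the page with a bad itemID."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match and classify(match.group(1)) == "suspicious":
            hits.append(number)
    return hits

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2008:13:55:36 +0000] "GET /index.php?page=RGalleryImageWrapper&itemID=42 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Oct/2008:13:56:02 +0000] "GET /index.php?page=RGalleryImageWrapper&itemID=42%27 HTTP/1.1" 200 312',
    '203.0.113.5 - - [10/Oct/2008:13:57:10 +0000] "GET /index.php?page=Index HTTP/1.1" 200 9000',
    '203.0.113.9 - - [10/Oct/2008:13:58:44 +0000] "GET /forum/index.php?page=RGalleryImageWrapper&itemID=7&itemID=8 HTTP/1.1" 200 298',
]

if __name__ == "__main__":
    for n in scan(SAMPLE_LOG):
        print(f"line {n}: {SAMPLE_LOG[n - 1]}")
```

Access logs normally record only the query string, so values sent in a POST body are not covered by this check.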