CVE-2006-1094

Name of the Vulnerable Software and Affected Versions Woltlab Burning Board Datenbank MOD versions 2.7 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the fileid parameter to either "info db.php" or "database.php" API endpoints.

Recommendations For versions 2.7 and earlier, consider restricting access to the "info db.php" and "database.php" endpoints until a fix is available. As a temporary workaround, avoid using the fileid parameter in these endpoints to minimize the risk of exploitation.