PT-2006-6918 · Woltlab · Woltlab Burning Board (Wbb) Lite

Published: 2006-12-05 · Updated: 2018-10-17 · CVE-2006-6289

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Woltlab Burning Board (wBB) Lite version 1.0.2

Description: The issue arises when input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, allowing remote attackers to execute arbitrary SQL commands via the wbb userid parameter to the top-level URI.

Recommendations: For Woltlab Burning Board (wBB) Lite version 1.0.2, consider restricting access to the wbb userid parameter in the top-level URI until a proper fix is applied, and ensure that input data is properly sanitized to prevent SQL command execution.

Exploit

Fix


Related identifiers

CVE-2006-6289

Affected products

Woltlab Burning Board (Wbb) Lite