CVE-2007-1443

Name of the Vulnerable Software and Affected Versions Woltlab Burning Board versions 2.3.6 Burning Board Lite version 1.0.2pl3e

Description The issue allows remote attackers to inject arbitrary web script or HTML via multiple parameters in the register.php file. A third-party researcher has disputed some of the vectors, stating that only the r dateformat and r timeformat parameters in Burning Board 2.3.6 are affected.

Recommendations For Woltlab Burning Board version 2.3.6, consider disabling the register.php file or restricting access to it until a patch is available. For Burning Board Lite version 1.0.2pl3e, at the moment, there is no information about a newer version that contains a fix for this vulnerability.