PT-2006-1970 · Woltlab+1 · Woltlab Burning Board+1

Published

2006-02-28

Updated

2018-10-18

CVE-2006-0927

CVSS v2.0

2.6

Low

Vector

AV:N/AC:H/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Woltlab Burning Board (wBB) versions 2.x with JGS-XA JGS-Gallery Addon version 4.0.0 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML. This is achieved via the userid parameter in files such as jgs galerie slideshow.php and jgs galerie scroll.php, and the katid parameter in jgs galerie slideshow.php.

Recommendations For Woltlab Burning Board (wBB) versions 2.x with JGS-XA JGS-Gallery Addon version 4.0.0 and earlier, consider disabling the jgs galerie slideshow.php and jgs galerie scroll.php files until a patch is available. Restrict access to these files to minimize the risk of exploitation. Avoid using the userid and katid parameters in the affected API endpoints until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-0927

Affected Products

Jgs-Xa Jgs-Gallery Addon

Woltlab Burning Board

PT-2006-1970 · Woltlab+1 · Woltlab Burning Board+1

CVE-2006-0927

Related Identifiers

Affected Products

References · 10