PT-2006-2121 · Woltlab · Woltlab Burning Board

Published

2006-03-09

Updated

2008-09-05

CVE-2006-1094

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Woltlab Burning Board Datenbank MOD versions 2.7 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the fileid parameter to either "info db.php" or "database.php" API endpoints.

Recommendations For versions 2.7 and earlier, consider restricting access to the "info db.php" and "database.php" endpoints until a fix is available. As a temporary workaround, avoid using the fileid parameter in these endpoints to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-1094

Affected Products

Woltlab Burning Board

PT-2006-2121 · Woltlab · Woltlab Burning Board

CVE-2006-1094

Related Identifiers

Affected Products

References · 8