PT-2006-6224 · Woltlab · Woltlab Burning Book

Shankar · Published 2006-10-25 · Updated 2018-10-17 · CVE-2006-5509

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: WoltLab Burning Book version 1.1.2

Description: The issue allows remote attackers to execute arbitrary PHP code via crafted POST requests. PHP code is stored in the database and later processed by eval(), potentially after SQL injection via the n parameter.

Recommendations: For WoltLab Burning Book version 1.1.2, consider disabling the eval() call in the addentry.php file until a patch is available. Restrict access to the addentry.php file to minimize the risk of exploitation. Avoid using the n parameter in the affected POST requests until the issue is resolved.
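The advisory names two root causes, the n parameter reaching SQL unsanitized and stored entry text being handed to eval(). The following is an added example of what a hardened add-entry handler looks like once both are removed; it is not WoltLab's code and the advisory does not show the original addentry.php. The table and column names (a hypothetical guestbook table with id, author and message columns), the database credentials, and the reading of n as a numeric entry id are all assumptions. One caveat worth knowing when applying the recommendation: eval() is a language construct rather than a function, so it cannot be blocked with php.ini's disable_functions; the call itself has to be removed from the file.

```php
<?php
// Added example for this advisory, not WoltLab's code. Assumed schema: a
// `guestbook` table with `id`, `author` and `message` columns (hypothetical),
// and `n` being an integer entry id. Two defensive points:
//   1. `n` never reaches SQL as text: it is validated as an integer and bound
//      through a prepared statement, which closes the injection path.
//   2. stored entry text is treated purely as data: escaped on output and never
//      passed to eval(). eval() is a language construct, so disable_functions
//      in php.ini cannot block it; the call must be removed from the file.

declare(strict_types=1);

function connect(): PDO
{
    // Hypothetical DSN and credentials; replace with the installation's own.
    $pdo = new PDO('mysql:host=localhost;dbname=guestbook', 'user', 'password');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    return $pdo;
}

// Validate the `n` POST parameter as a positive integer id.
// Returns null when the parameter is absent or malformed.
function entryIdFromRequest(array $post): ?int
{
    if (!isset($post['n'])) {
        return null;
    }
    $id = filter_var($post['n'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Store a new entry. Author and message are bound as parameters and kept as data.
function addEntry(PDO $pdo, string $author, string $message): int
{
    $author = mb_substr(trim($author), 0, 64);
    $message = mb_substr(trim($message), 0, 4000);
    if ($author === '' || $message === '') {
        throw new InvalidArgumentException('author and message are required');
    }
    $stmt = $pdo->prepare('INSERT INTO guestbook (author, message) VALUES (:author, :message)');
    $stmt->execute([':author' => $author, ':message' => $message]);
    return (int) $pdo->lastInsertId();
}

// Load one entry by id. The id is bound as an integer, never interpolated into SQL.
function loadEntry(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT id, author, message FROM guestbook WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Render an entry as HTML. Escaping on output is the only processing the stored
// text receives; there is no eval() and no other path that executes it as code.
function renderEntry(array $row): string
{
    $author = htmlspecialchars($row['author'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $message = nl2br(htmlspecialchars($row['message'], ENT_QUOTES | ENT_HTML5, 'UTF-8'));
    return "<div class=\"entry\"><b>{$author}</b><p>{$message}</p></div>";
}

// Request handling: a POST without `n` creates an entry, a POST with `n` shows one.
if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $pdo = connect();
    $id = entryIdFromRequest($_POST);
    if ($id === null) {
        addEntry($pdo, (string) ($_POST['author'] ?? ''), (string) ($_POST['message'] ?? ''));
        header('Location: index.php', true, 303);
        exit;
    }
    $row = loadEntry($pdo, $id);
    echo $row === null ? 'No such entry.' : renderEntry($row);
}
```

The design choice is that the stored message has exactly one consumer, renderEntry(), and that consumer only escapes; a later reviewer can grep the file for eval and find nothing, which is the state the advisory's first recommendation asks for.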


Related Identifiers

CVE-2006-5509

Affected Products

Woltlab Burning Book