PT-2006-6918 · Woltlab · Woltlab Burning Board (Wbb) Lite

Published: 2006-12-05 · Updated: 2018-10-17 · CVE-2006-6289

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Woltlab Burning Board (wBB) Lite version 1.0.2

Description

The issue arises when input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, allowing remote attackers to execute arbitrary SQL commands via the wbb userid parameter to the top-level URI.

Recommendations

For Woltlab Burning Board (wBB) Lite version 1.0.2, consider restricting access to the wbb userid parameter in the top-level URI until a proper fix is applied, and ensure that input data is properly sanitized to prevent SQL command execution.

Related Identifiers

CVE-2006-6289

Affected Products

Woltlab Burning Board (Wbb) Lite