| VID |
210018 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Burning Board software is vulnerable to multiple SQL injection vulnerabilities in the Info-DB module. WoltLab's Burning Board and Burning Board Lite are forum software packages that use PHP and MySQL. WoltLab Burning Board version 2.7 and earlier versions are vulnerable to multiple SQL injection vulnerabilities in the Info-DB module (info_db.php). These vulnerabilities could permit a remote attacker to pass malicious input to database queries, potentially resulting in data exposure, modification of the query logic, or even data modification or attacks against the database itself.
* References:
http://www.securityfocus.com/archive/1/426583/30/0/threaded
* Platforms Affected:
WoltLab Burning Board version 2.7 and earlier versions
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of WoltLab Burning Board (wBB) at
http://www.woltlab.com/wbb/ |
| Related URL |
CVE-2005-3369,CVE-2006-1094 (CVE) |
| Related URL |
15214,16914 (SecurityFocus) |
| Related URL |
22887,25319 (ISS) |
|
