| VID |
21692 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Burning Board, according to its version number, has an SQL injection vulnerability in the modcp.php script. WoltLab's Burning Board and Burning Board Lite are forum software packages that use PHP and MySQL. WoltLab Burning Board version 2.3.3 and earlier versions could allow a remote attacker to execute arbitrary SQL commands, caused by improper filtering of user-supplied input passed to "x" and "y" parameters of the "modcp.php" script. This vulnerability could permit a remote attacker to pass malicious input to database queries, potentially resulting in data exposure, modification of the query logic, or even data modification or attacks against the database itself.
* Note: This check solely relied on the version number of WoltLab Burning Board on the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
http://www.securityfocus.com/archive/1/408660
http://www.securitytracker.com/alerts/2005/Aug/1014746.html
* Platforms Affected:
WoltLab Burning Board version 2.3.3 and earlier versions
Any operating system Any version |
| Recommendation |
No upgrade or patch available as of September 2005.
Upgrade to the latest version of WoltLab Burning Board (wBB), when new fixed version becomes available from the WoltLab Burning Board Web site at http://www.woltlab.info/products/burning_board/index_en.php |
| Related URL |
CVE-2005-2673 (CVE) |
| Related URL |
14617 (SecurityFocus) |
| Related URL |
21962 (ISS) |
|
