Woltlab Burning Board SQL Injection Flaw Network Vulnerability

Summary

The remote web server contains a PHP script that is susceptible to SQL injection attacks. Description: The remote version of Burning Board includes an optional module, the Database module, that fails to properly sanitize the 'fileid' parameter of the 'info_db.php' script, which can be exploited to launch SQL injection attacks against the affected host.

Solution

Unknown at this time.

References

http://www.securityfocus.com/archive/1/426583/30/0/threaded

Updated on 2015-03-25

Severity

Classification

CVE CVE-2005-3369, CVE-2006-1094
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ASP-Dev XM Event Diary Multiple Vulnerabilities
Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities
Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution
ASAS Server End User Self Service (EUSS) SQL Injection Vulnerability
ATutor < 1.5.1-pl1 Multiple Flaws

Woltlab Burning Board SQL injection flaw

Take action and discover your vulnerabilities