Summary
The remote web server contains a PHP script that is susceptible to SQL injection attacks.
Description
The remote version of Burning Board includes an optional module, the Database module, that fails to properly sanitize the 'fileid' parameter of the 'info_db.php' script, which can be exploited to launch SQL injection attacks against the affected host.
Solution
Unknown at this time.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2005-3369, CVE-2006-1094
- CVSS Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Related Vulnerabilities
- ASP-Dev XM Event Diary Multiple Vulnerabilities
- Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities
- Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution
- ASAS Server End User Self Service (EUSS) SQL Injection Vulnerability
- ATutor < 1.5.1-pl1 Multiple Flaws