Vulnerabilities > CVE-2006-5029 - SQL-Injection vulnerability in Burning Board

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

woltlab

NVD

Published: 2006-09-27

Updated: 2018-10-17

Summary

SQL injection vulnerability in thread.php in WoltLab Burning Board (wBB) 2.3.x allows remote attackers to obtain the version numbers of PHP, MySQL, and wBB via the page parameter. NOTE: this issue might be a forced SQL error. Also, the original report was disputed by a third party for 2.3.3 and 2.3.4.

Vulnerable Configurations

Part	Description	Count
Application	Woltlab Woltlab Burning Board 2.3.0 Woltlab Burning Board 2.3.1 Woltlab Burning Board 2.3.2 Woltlab Burning Board 2.3.3 Woltlab Burning Board 2.3.4 Woltlab Burning Board 2.3.5	6

References

http://www.securityfocus.com/archive/1/446743/100/0/threaded
http://www.securityfocus.com/archive/1/446937/100/0/threaded
http://www.securityfocus.com/archive/1/446938/100/100/threaded
http://www.securityfocus.com/archive/1/447069/100/100/threaded