Vulnerabilities > CVE-2006-5508 - SQL-Injection vulnerability in Woltlab Burning Book 1.1.2

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

woltlab

exploit available

NVD

Published: 2006-10-25

Updated: 2018-10-17

Summary

Multiple SQL injection vulnerabilities in addentry.php in WoltLab Burning Book 1.1.2 allow remote attackers to execute arbitrary SQL commands via (1) the n parameter and (2) the User-Agent HTTP header.

Vulnerable Configurations

Part	Description	Count
Application	Woltlab Woltlab Burning Book 1.1.2	1

Exploit-Db

description	WoltLab Burning Book <= 1.1.2 Remote SQL Injection Exploit PoC. CVE-2006-5508,CVE-2006-5509. Webapps exploit for php platform
id	EDB-ID:2579
last seen	2016-01-31
modified	2006-10-16
published	2006-10-16
reporter	ShAnKaR
source	https://www.exploit-db.com/download/2579/
title	WoltLab Burning Book <= 1.1.2 - Remote SQL Injection Exploit PoC

Summary

Vulnerable Configurations

Exploit-Db

References