Vulnerabilities > CVE-2006-5509 - Unspecified vulnerability in Woltlab Burning Book 1.1.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injection via the n parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | WoltLab Burning Book <= 1.1.2 Remote SQL Injection Exploit PoC. CVE-2006-5508,CVE-2006-5509. Webapps exploit for php platform |
| id | EDB-ID:2579 |
| last seen | 2016-01-31 |
| modified | 2006-10-16 |
| published | 2006-10-16 |
| reporter | ShAnKaR |
| source | https://www.exploit-db.com/download/2579/ |
| title | WoltLab Burning Book <= 1.1.2 - Remote SQL Injection Exploit PoC |
References
- http://secunia.com/advisories/22442
- http://securityreason.com/securityalert/1774
- http://www.security.nnov.ru/Odocument711.html
- http://www.securityfocus.com/archive/1/448796/100/100/threaded
- http://www.securityfocus.com/bid/20563
- http://www.vupen.com/english/advisories/2006/4062
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29599