CVE-2006-6237 - SQL-Injection vulnerability in Woltlab Burning Board Lite 1.0.2

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Tags: network, low complexity, woltlab, nessus, exploit available

Summary

SQL injection vulnerability in the decode_cookie function in thread.php in Woltlab Burning Board Lite 1.0.2 allows remote attackers to execute arbitrary SQL commands via the threadvisit Cookie parameter.

Vulnerable Configurations

Part         Description  Count
Application  Woltlab      1

Exploit-Db

description: Woltlab Burning Board Lite 1.0.2 decode_cookie() SQL Injection Exploit. CVE-2006-6237. Webapps exploit for php platform
file: exploits/php/webapps/2841.php
id: EDB-ID:2841
last seen: 2016-01-31
modified: 2006-11-24
platform: php
port:
published: 2006-11-24
reporter: rgod
source: https://www.exploit-db.com/download/2841/
title: Woltlab Burning Board Lite 1.0.2 decode_cookie SQL Injection Exploit
type: webapps

Nessus

NASL family: CGI abuses
NASL id: BURNING_BOARD_LITE_DECODE_COOKIE_SQL_INJECTION.NASL
description: The remote version of Burning Board Lite fails to sanitize user-supplied cookie input before using it in the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 23733
published: 2006-11-27
reporter: This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/23733
title: WoltLab Burning Board Lite thread.php decode_cookie Function threadvisit Cookie Parameter SQL Injection