Vulnerabilities > CVE-2007-0388 - SQL-Injection vulnerability in Burning Board
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the boardids[1] and other boardids[] parameters.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description Woltlab Burning Board. CVE-2007-0388. Webapps exploit for php platform file exploits/php/webapps/3143.php id EDB-ID:3143 last seen 2016-01-31 modified 2007-01-17 platform php port published 2007-01-17 reporter silent vapor source https://www.exploit-db.com/download/3143/ title Woltlab Burning Board <= 1.0.2 / 2.3.6 - search.php SQL Injection Exploit 1 type webapps description Woltlab Burning Board. CVE-2007-0388. Webapps exploit for php platform file exploits/php/webapps/3144.pl id EDB-ID:3144 last seen 2016-01-31 modified 2007-01-17 platform php port published 2007-01-17 reporter trew source https://www.exploit-db.com/download/3144/ title Woltlab Burning Board <= 1.0.2 / 2.3.6 - search.php SQL Injection Exploit 2 type webapps
Nessus
NASL family | CGI abuses |
NASL id | BURNING_BOARD_BOARDIDS_SQL_INJECTION.NASL |
description | The version of Burning Board / Burning Board Lite on the remote host fails to sanitize user input to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24223 |
published | 2007-01-18 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24223 |
title | WoltLab Burning Board search.php Multiple Parameter SQL Injection |