CVE-2007-0388 - SQL-Injection vulnerability in Burning Board

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, woltlab, nessus, exploit available

Summary

SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the boardids[1] and other boardids[] parameters.

Vulnerable Configurations

Part          Description   Count
Application   Woltlab       1

Exploit-Db

  • description: Woltlab Burning Board. CVE-2007-0388. Webapps exploit for php platform
    file: exploits/php/webapps/3143.php
    id: EDB-ID:3143
    last seen: 2016-01-31
    modified: 2007-01-17
    platform: php
    port:
    published: 2007-01-17
    reporter: silent vapor
    source: https://www.exploit-db.com/download/3143/
    title: Woltlab Burning Board <= 1.0.2 / 2.3.6 - search.php SQL Injection Exploit 1
    type: webapps
  • description: Woltlab Burning Board. CVE-2007-0388. Webapps exploit for php platform
    file: exploits/php/webapps/3144.pl
    id: EDB-ID:3144
    last seen: 2016-01-31
    modified: 2007-01-17
    platform: php
    port:
    published: 2007-01-17
    reporter: trew
    source: https://www.exploit-db.com/download/3144/
    title: Woltlab Burning Board <= 1.0.2 / 2.3.6 - search.php SQL Injection Exploit 2
    type: webapps

Nessus

NASL family: CGI abuses
NASL id: BURNING_BOARD_BOARDIDS_SQL_INJECTION.NASL
description: The version of Burning Board / Burning Board Lite on the remote host fails to sanitize user input to the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 24223
published: 2007-01-18
reporter: This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/24223
title: WoltLab Burning Board search.php Multiple Parameter SQL Injection