Vulnerabilities > Woltlab > Burning Board

DATE CVE VULNERABILITY TITLE RISK
2007-03-14 CVE-2007-1443 Cross-Site Scripting vulnerability in Woltlab Burning Board and Burning Board Lite
Multiple cross-site scripting (XSS) vulnerabilities in register.php in Woltlab Burning Board (wBB) 2.3.6 and Burning Board Lite 1.0.2pl3e allow remote attackers to inject arbitrary web script or HTML via the (1) r_username, (2) r_email, (3) r_password, (4) r_confirmpassword, (5) r_homepage, (6) r_icq, (7) r_aim, (8) r_yim, (9) r_msn, (10) r_year, (11) r_month, (12) r_day, (13) r_gender, (14) r_signature, (15) r_usertext, (16) r_invisible, (17) r_usecookies, (18) r_admincanemail, (19) r_emailnotify, (20) r_notificationperpm, (21) r_receivepm, (22) r_emailonpm, (23) r_pmpopup, (24) r_showsignatures, (25) r_showavatars, (26) r_showimages, (27) r_daysprune, (28) r_umaxposts, (29) r_dateformat, (30) r_timeformat, (31) r_startweek, (32) r_timezoneoffset, (33) r_usewysiwyg, (34) r_styleid, (35) r_langid, (36) key_string, (37) key_number, (38) disablesmilies, (39) disablebbcode, (40) disableimages, (41) field[1], (42) field[2], and (43) field[3] parameters.
Risk: 4.3 (network, woltlab, CWE-79)
2007-01-19 CVE-2007-0388 SQL-Injection vulnerability in Burning Board
SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the boardids[1] and other boardids[] parameters.
Risk: 7.5 (network, low complexity, woltlab)
2006-09-27 CVE-2006-5029 SQL-Injection vulnerability in Burning Board
SQL injection vulnerability in thread.php in WoltLab Burning Board (wBB) 2.3.x allows remote attackers to obtain the version numbers of PHP, MySQL, and wBB via the page parameter.
Risk: 7.5 (network, low complexity, woltlab)
2006-08-24 CVE-2006-4317 HTML Injection vulnerability in Woltlab Burning Board 2.3.5
Cross-site scripting (XSS) vulnerability in attachment.php in WoltLab Burning Board (WBB) 2.3.5 allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded JavaScript.
Risk: 6.8 (network, woltlab)
2006-06-28 CVE-2006-3256 SQL Injection vulnerability in Woltlab Burning Board 2.3.1
SQL injection vulnerability in report.php in Woltlab Burning Board (WBB) 2.3.1 allows remote attackers to execute arbitrary SQL commands via the postid parameter.
Risk: 7.5 (network, low complexity, woltlab)
2006-06-28 CVE-2006-3255 SQL Injection vulnerability in Woltlab Burning Board 1.2
SQL injection vulnerability in showmods.php in Woltlab Burning Board (WBB) 1.2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter.
Risk: 7.5 (network, low complexity, woltlab)
2006-06-28 CVE-2006-3254 SQL Injection vulnerability in Woltlab Burning Board 2.0 RC2
SQL injection vulnerability in newthread.php in Woltlab Burning Board (WBB) 2.0 RC2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter.
Risk: 7.5 (network, low complexity, woltlab)
2006-06-24 CVE-2006-3220 SQL-Injection vulnerability in Woltlab Burning Board 2.2.1
SQL injection vulnerability in studienplatztausch.php in Woltlab Burning Board (WBB) 2.2.1 allows remote attackers to execute arbitrary SQL commands via the sid parameter.
Risk: 7.5 (network, low complexity, woltlab)
2006-06-24 CVE-2006-3219 SQL-Injection vulnerability in Woltlab Burning Board 2.2.2
SQL injection vulnerability in thread.php in Woltlab Burning Board (WBB) 2.2.2 allows remote attackers to execute arbitrary SQL commands via the threadid parameter.
Risk: 7.5 (network, low complexity, woltlab)
2006-06-24 CVE-2006-3218 SQL-Injection vulnerability in Woltlab Burning Board 2.1.6
SQL injection vulnerability in profile.php in Woltlab Burning Board (WBB) 2.1.6 allows remote attackers to execute arbitrary SQL commands via the userid parameter.
Risk: 7.5 (network, low complexity, woltlab)