Vulnerabilities > Woltlab > Burning Book > 1.1.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-10-25 | CVE-2006-5509 | Unspecified vulnerability in Woltlab Burning Book 1.1.2 Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injection via the n parameter. | 7.5 |
2006-10-25 | CVE-2006-5508 | SQL-Injection vulnerability in Woltlab Burning Book 1.1.2 Multiple SQL injection vulnerabilities in addentry.php in WoltLab Burning Book 1.1.2 allow remote attackers to execute arbitrary SQL commands via (1) the n parameter and (2) the User-Agent HTTP header. | 7.5 |