Vulnerabilities > Woltlab > Burning Book > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-10-25 | CVE-2006-5509 | Unspecified vulnerability in Woltlab Burning Book 1.1.2 Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injection via the n parameter. | 7.5 |
| 2006-10-25 | CVE-2006-5508 | SQL-Injection vulnerability in Woltlab Burning Book 1.1.2 Multiple SQL injection vulnerabilities in addentry.php in WoltLab Burning Book 1.1.2 allow remote attackers to execute arbitrary SQL commands via (1) the n parameter and (2) the User-Agent HTTP header. | 7.5 |
| 2005-01-10 | CVE-2005-0284 | SQL-Injection vulnerability in Woltlab Burning Book 1.0Gold/1.1.1E SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the user-agent parameter. | 7.5 |