Vulnerabilities > Woltlab

DATE CVE VULNERABILITY TITLE RISK
2008-01-29 CVE-2008-0472 Cross-Site Request Forgery (CSRF) vulnerability in Woltlab Burning Board 2.3.6Pl2
Cross-site request forgery (CSRF) vulnerability in modcp.php in Woltlab Burning Board (wBB) 2.3.6 PL2 allows remote attackers to delete threads as moderators or administrators via a thread_del action.
network
woltlab CWE-352
4.3
2007-12-24 CVE-2007-6518 SQL Injection vulnerability in Woltlab Burning Board Lite 1.0.2/1.0.2Pl3E
Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e allow remote attackers to execute arbitrary SQL commands via the (1) showposts, (2) sortby, and (3) sortorder parameters.
network
low complexity
woltlab CWE-89
7.5
2007-03-20 CVE-2007-1518 SQL Injection vulnerability in Woltlab Burning Board UserGroups.PHP
SQL injection vulnerability in usergroups.php in Woltlab Burning Board (wBB) 2.x allows remote attackers to execute arbitrary SQL commands via the array index of the applicationids array.
network
low complexity
woltlab
7.5
2007-03-14 CVE-2007-1443 Cross-Site Scripting vulnerability in Woltlab Burning Board and Burning Board Lite
Multiple cross-site scripting (XSS) vulnerabilities in register.php in Woltlab Burning Board (wBB) 2.3.6 and Burning Board Lite 1.0.2pl3e allow remote attackers to inject arbitrary web script or HTML via the (1) r_username, (2) r_email, (3) r_password, (4) r_confirmpassword, (5) r_homepage, (6) r_icq, (7) r_aim, (8) r_yim, (9) r_msn, (10) r_year, (11) r_month, (12) r_day, (13) r_gender, (14) r_signature, (15) r_usertext, (16) r_invisible, (17) r_usecookies, (18) r_admincanemail, (19) r_emailnotify, (20) r_notificationperpm, (21) r_receivepm, (22) r_emailonpm, (23) r_pmpopup, (24) r_showsignatures, (25) r_showavatars, (26) r_showimages, (27) r_daysprune, (28) r_umaxposts, (29) r_dateformat, (30) r_timeformat, (31) r_startweek, (32) r_timezoneoffset, (33) r_usewysiwyg, (34) r_styleid, (35) r_langid, (36) key_string, (37) key_number, (38) disablesmilies, (39) disablebbcode, (40) disableimages, (41) field[1], (42) field[2], and (43) field[3] parameters.
network
woltlab CWE-79
4.3
2007-02-07 CVE-2007-0812 SQL Injection vulnerability in Woltlab Burning Board Lite Pms.PHP
SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) Lite 1.0.2pl3e and earlier allows remote authenticated users to execute arbitrary SQL commands via the pmid[0] parameter.
network
low complexity
woltlab
7.5
2007-01-19 CVE-2007-0388 SQL-Injection vulnerability in Burning Board
SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the boardids[1] and other boardids[] parameters.
network
low complexity
woltlab
7.5
2006-12-05 CVE-2006-6289 SQL-Injection vulnerability in Woltlab Burning Board Lite 1.0.2
Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbb_userid parameter to the top-level URI.
network
woltlab
6.8
2006-12-03 CVE-2006-6237 SQL-Injection vulnerability in Woltlab Burning Board Lite 1.0.2
SQL injection vulnerability in the decode_cookie function in thread.php in Woltlab Burning Board Lite 1.0.2 allows remote attackers to execute arbitrary SQL commands via the threadvisit Cookie parameter.
network
low complexity
woltlab
7.5
2006-10-25 CVE-2006-5509 Unspecified vulnerability in Woltlab Burning Book 1.1.2
Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injection via the n parameter.
network
low complexity
woltlab
7.5
2006-10-25 CVE-2006-5508 SQL-Injection vulnerability in Woltlab Burning Book 1.1.2
Multiple SQL injection vulnerabilities in addentry.php in WoltLab Burning Book 1.1.2 allow remote attackers to execute arbitrary SQL commands via (1) the n parameter and (2) the User-Agent HTTP header.
network
low complexity
woltlab
7.5