1. CVE-Search
  2. CVE-2006-1094
ID CVE-2006-1094
Summary SQL injection vulnerability in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allows remote attackers to execute arbitrary SQL commands via the fileid parameter to (1) info_db.php or (2) database.php.
References
Vulnerable Configurations
  • cpe:2.3:a:datenbank_module:datenbank_module:*:*:*:*:*:*:*:*
    cpe:2.3:a:datenbank_module:datenbank_module:*:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.0_beta_3:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.0_beta_3:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.0_beta_4:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.0_beta_4:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.0_beta_5:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.0_beta_5:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.0_rc1:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.0_rc1:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.0_rc2:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.0_rc2:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.4:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.5:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.6:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.7:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.7:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 05-09-2008 - 21:01)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 16914
bugtraq 20060301 Woltlab Burning Board 2.x (Datenbank MOD fileid) MultipleVulnerabilities
misc http://www.nukedx.com/?viewdoc=17
osvdb
  • 23808
  • 23810
Last major update 05-09-2008 - 21:01
Published 09-03-2006 - 13:06
Last modified 05-09-2008 - 21:01
Back to Top