1. CVE-Search
  2. CVE-2007-1518
ID CVE-2007-1518
Summary SQL injection vulnerability in usergroups.php in Woltlab Burning Board (wBB) 2.x allows remote attackers to execute arbitrary SQL commands via the array index of the applicationids array.
References
Vulnerable Configurations
  • cpe:2.3:a:woltlab:burning_board:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.0_beta_3:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.0_beta_3:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.0_beta_4:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.0_beta_4:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.0_beta_5:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.0_beta_5:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.0_rc1:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.0_rc1:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.0_rc2:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.0_rc2:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.4:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.5:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.6:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:woltlab:burning_board:2.7:*:*:*:*:*:*:*
    cpe:2.3:a:woltlab:burning_board:2.7:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 16-10-2018 - 16:38)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 22970
bugtraq
  • 20070314 Woltab Burning Board SQL Injection usergroups.php
  • 20070315 Re: [Full-disclosure] Woltab Burning Board SQL Injection usergroups.php
sreason 2455
Last major update 16-10-2018 - 16:38
Published 20-03-2007 - 20:19
Last modified 16-10-2018 - 16:38
Back to Top