Woltlab : Security Vulnerabilities, CVEs, Published In 2006 (Sql injection)
SQL injection vulnerability in the decode_cookie function in thread.php in Woltlab Burning Board Lite 1.0.2 allows remote attackers to execute arbitrary SQL commands via the threadvisit Cookie parameter.
Max CVSS
7.5
EPSS Score
0.93%
Published
2006-12-03
Updated
2018-10-17
Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injection via the n parameter.
Max CVSS
7.5
EPSS Score
0.80%
Published
2006-10-25
Updated
2018-10-17
Multiple SQL injection vulnerabilities in addentry.php in WoltLab Burning Book 1.1.2 allow remote attackers to execute arbitrary SQL commands via (1) the n parameter and (2) the User-Agent HTTP header.
Max CVSS
7.5
EPSS Score
0.44%
Published
2006-10-25
Updated
2018-10-17
SQL injection vulnerability in thread.php in WoltLab Burning Board (wBB) 2.3.x allows remote attackers to obtain the version numbers of PHP, MySQL, and wBB via the page parameter. NOTE: this issue might be a forced SQL error. Also, the original report was disputed by a third party for 2.3.3 and 2.3.4.
Max CVSS
7.5
EPSS Score
0.33%
Published
2006-09-27
Updated
2018-10-17
SQL injection vulnerability in report.php in Woltlab Burning Board (WBB) 2.3.1 allows remote attackers to execute arbitrary SQL commands via the postid parameter.
Max CVSS
7.5
EPSS Score
0.23%
Published
2006-06-28
Updated
2017-07-20
SQL injection vulnerability in showmods.php in Woltlab Burning Board (WBB) 1.2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter.
Max CVSS
7.5
EPSS Score
0.50%
Published
2006-06-28
Updated
2017-07-20
SQL injection vulnerability in newthread.php in Woltlab Burning Board (WBB) 2.0 RC2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter.
Max CVSS
7.5
EPSS Score
0.50%
Published
2006-06-28
Updated
2017-07-20
SQL injection vulnerability in studienplatztausch.php in Woltlab Burning Board (WBB) 2.2.1 allows remote attackers to execute arbitrary SQL commands via the sid parameter.
Max CVSS
7.5
EPSS Score
0.32%
Published
2006-06-24
Updated
2018-10-18
SQL injection vulnerability in thread.php in Woltlab Burning Board (WBB) 2.2.2 allows remote attackers to execute arbitrary SQL commands via the threadid parameter.
Max CVSS
7.5
EPSS Score
0.32%
Published
2006-06-24
Updated
2018-10-18
SQL injection vulnerability in profile.php in Woltlab Burning Board (WBB) 2.1.6 allows remote attackers to execute arbitrary SQL commands via the userid parameter.
Max CVSS
7.5
EPSS Score
0.32%
Published
2006-06-24
Updated
2018-10-18
SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) 2.3.4 allows remote attackers to execute arbitrary SQL commands via the sid parameter.
Max CVSS
7.5
EPSS Score
0.33%
Published
2006-06-03
Updated
2018-10-18
SQL injection vulnerability in links.php in 4R Linklist 1.0 RC2 and earlier, a module for Woltlab Burning Board, allows remote attackers to execute arbitrary SQL commands via the cat parameter.
Max CVSS
7.5
EPSS Score
0.57%
Published
2006-05-24
Updated
2017-10-19
SQL injection vulnerability in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allows remote attackers to execute arbitrary SQL commands via the fileid parameter to (1) info_db.php or (2) database.php.
Max CVSS
7.5
EPSS Score
0.57%
Published
2006-03-09
Updated
2008-09-05
13 vulnerabilities found