Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1094

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-1094
Last Modified 05 Sep 2008 05:01:01
Published 09 Mar 2006 08:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1094

Summary

SQL injection vulnerability in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allows remote attackers to execute arbitrary SQL commands via the fileid parameter to (1) info_db.php or (2) database.php.

Vulnerable Systems

Application

  • Datenbank Module 2.7

  • Woltlab Burning Board 1.1.1

  • Woltlab Burning Board 2.0 Beta 3

  • Woltlab Burning Board 2.0 Beta 4

  • Woltlab Burning Board 2.0 Beta 5

  • Woltlab Burning Board 2.0 Rc1

  • Woltlab Burning Board 2.0 Rc2

  • Woltlab Burning Board 2.2.2

  • Woltlab Burning Board 2.3.1

  • Woltlab Burning Board 2.3.3

  • Woltlab Burning Board 2.4

  • Woltlab Burning Board 2.5

  • Woltlab Burning Board 2.6

  • Woltlab Burning Board 2.7


References

BID - 16914

BUGTRAQ - 20060301 Woltlab Burning Board 2.x (Datenbank MOD fileid) MultipleVulnerabilities

MISC - http://www.nukedx.com/?viewdoc=17

OSVDB - 23810

OSVDB - 23808


Last Updated: 27 May 2016 10:41:55