Test ID: 1.3.6.1.4.1.25623.1.0.80050
Category: Web application abuses
Title: Woltlab Burning Board SQL injection flaw
Description:

Summary:
The remote web server contains a PHP script that is susceptible to SQL
injection attacks.

Description:

The remote version of Burning Board includes an optional module, the Database module, that fails to properly
sanitize the 'fileid' parameter of the 'info_db.php' script, which can be exploited to launch SQL injection
attacks against the affected host.

Solution:
No known solution was made available for at least one year since the
disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to
upgrade to a newer release, disable respective features, remove the product or replace the product by
another one.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2005-3369
BugTraq ID: 15214
http://www.securityfocus.com/bid/15214
Bugtraq: 20051026 Woltlab Burning Board info_db.php multiple SQL injection
http://marc.info/?l=bugtraq&m=113034480129309&w=2
http://www.osvdb.org/20330
http://secunia.com/advisories/17347/
http://securityreason.com/securityalert/119
http://www.vupen.com/english/advisories/2005/2224
XForce ISS Database: wbb-infodb-sql-injection(22887)
https://exchange.xforce.ibmcloud.com/vulnerabilities/22887
Common Vulnerability Exposure (CVE) ID: CVE-2006-1094
BugTraq ID: 16914
http://www.securityfocus.com/bid/16914
Bugtraq: 20060301 Woltlab Burning Board 2.x (Datenbank MOD fileid) MultipleVulnerabilities
http://www.securityfocus.com/archive/1/426583
http://www.nukedx.com/?viewdoc=17
http://www.osvdb.org/23808
http://www.osvdb.org/23810
Copyright: Copyright (C) 2008 David Maciejak

© 1998-2025 E-Soft Inc. All rights reserved.