Lucene search

[email protected]CVE-2005-0661

HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-0661

2005-05-0204:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sql injection

woltlab burning board

cve-2005-0661

security vulnerability

nvd

9.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

55.1%

JSON

SQL injection vulnerability in the getwbbuserdata function in session.php for Woltlab Burning Board 2.0.3 through 2.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) lastvisit cookie.

CPENameOperatorVersion
woltlab:burning_boardwoltlab burning boardeq2.2.1
woltlab:burning_boardwoltlab burning boardeq2.1.5
woltlab:burning_boardwoltlab burning boardeq2.3.0
woltlab:burning_boardwoltlab burning boardeq2.0.3

CPE	Name	Operator	Version
woltlab:burning_board	woltlab burning board	eq	2.2.1
woltlab:burning_board	woltlab burning board	eq	2.1.5
woltlab:burning_board	woltlab burning board	eq	2.3.0
woltlab:burning_board	woltlab burning board	eq	2.0.3

References

secunia.com/advisories/14450

securitytracker.com/id?1013351

9.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

55.1%

JSON