The version of Burning Board / Burning Board Lite on the remote host fails to sanitize user input to the ‘boardids’ parameter of the ‘search.php’ script before using it in database queries. Regardless of PHP’s ‘register_globals’ and ‘magic_quotes_gpc’ settings, an unauthenticated remote attacker can leverage this issue to launch SQL injection attacks against the affected application, including discovery of password hashes of users of the application.
Binary data 3888.prm
Vendor | Product | Version | CPE |
---|---|---|---|
woltlab | burning_board | cpe:/a:woltlab:burning_board |