WoltLab Burning Book addentry.php user-agent Variable SQL Injection

2005-01-11T00:00:00
ID OSVDB:12895
Type osvdb
Reporter drhankey()
Modified 2005-01-11T00:00:00

Description

Vulnerability Description

Burning Book contains a flaw that allows a remote attacker to inject arbitrary SQL code. User-supplied input in the user-agent variable is not properly validated when submitted to the 'addentry.php' script, which lets a remote attacker inject into or manipulate SQL queries.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.


References:

Vendor URL: http://www.woltlab.com/
Security Tracker: 1012837
Other Advisory URL: http://board.it-security23.net/thread.php?threadid=1415&hilight=woltlab
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-01/0103.html
ISS X-Force ID: 18859
CVE-2005-0284
Bugtraq ID: 12214