WoltLab Burning Board JGS-Portal jgs_portal_log.php Accept-Language Header SQL Injection

2005-05-16T06:28:38
ID OSVDB:16680
Type osvdb
Reporter deluxe89 (deluxe@security-project.org)
Modified 2005-05-16T06:28:38

Description

Vulnerability Description

JGS-Portal for WoltLab Burning Board contains a flaw that may allow an attacker to inject arbitrary SQL queries. The jgs_portal_log.php script does not properly sanitize the Accept-Language header field, so a crafted header value may allow an attacker to inject or manipulate SQL queries.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
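
The input handling the description finds missing, sketched as an added example that is not JGS-Portal's own code: the Accept-Language value is checked against the RFC 7231 language-range grammar and then bound as a query parameter. The function names and the `portal_log` table with its columns are hypothetical, and an in-memory SQLite database stands in for the board's database.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: keep only well-formed language ranges
// ("de", "en-US", "*", optional ";q=0.8"); anything else is dropped.
function normalize_accept_language(?string $header, int $maxLen = 255): string
{
    if ($header === null || strlen($header) > $maxLen) {
        return '';
    }
    $range = '(?:\*|[A-Za-z]{1,8}(?:-[A-Za-z0-9]{1,8})*)';
    $qval  = '(?:\s*;\s*q=(?:0(?:\.\d{1,3})?|1(?:\.0{1,3})?))?';
    $kept  = [];
    foreach (explode(',', $header) as $item) {
        $item = trim($item);
        if (preg_match('/^' . $range . $qval . '$/', $item) === 1) {
            $kept[] = $item;
        }
    }
    return implode(',', $kept);
}

// Hypothetical logging routine: the value is bound, never concatenated
// into the SQL text, so quotes in it cannot change the statement.
// In a real script the header would come from $_SERVER['HTTP_ACCEPT_LANGUAGE'].
function log_visit(PDO $db, string $ip, ?string $acceptLanguage): void
{
    $stmt = $db->prepare(
        'INSERT INTO portal_log (ip, language, logged_at) VALUES (:ip, :lang, :ts)'
    );
    $stmt->execute([
        ':ip'   => $ip,
        ':lang' => normalize_accept_language($acceptLanguage),
        ':ts'   => time(),
    ]);
}

// Constructed demo: in-memory SQLite stands in for the board's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE portal_log (ip TEXT, language TEXT, logged_at INTEGER)');

// Constructed header values: one well-formed, one carrying a stray quote.
log_visit($db, '192.0.2.10', 'de-DE,de;q=0.9,en;q=0.7');
log_visit($db, '192.0.2.11', "en'x");

foreach ($db->query('SELECT ip, language FROM portal_log') as $row) {
    printf("%s => [%s]\n", $row['ip'], $row['language']);
}
```

The parameter binding is what keeps the header value out of the SQL text; the grammar check additionally keeps malformed values out of the log table.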

References:

Vendor URL: http://www.jgs-xa.de/
Secunia Advisory ID: 15396
Related OSVDB ID: 16665
Related OSVDB ID: 16664
Related OSVDB ID: 16673
Related OSVDB ID: 16674
Related OSVDB ID: 16675
Related OSVDB ID: 16678
Related OSVDB ID: 16679
Related OSVDB ID: 16676
Related OSVDB ID: 16677
Related OSVDB ID: 16681
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-05/0204.html
CVE-2005-1633