31 matches found
CVE-2007-0388
CVE-2007-0388 affects Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.x up to 2.3.6. The vulnerability is a SQL injection in the search.php handling of boardids[1] and other boardids[] parameters due to unsafe input handling, allowing remote attackers to execute arbitrary SQL commands. Publi...
CVE-2008-7192
The CVE-2008-7192 entry describes a Cross‑Site Request Forgery (CSRF) in WoltLab Burning Board (wBB) 3.x, specifically index.php, allowing an attacker to hijack a user’s authenticated session to trigger a deletion of private messages via the pmID parameter in a delete action on a PM page. Affecte...
CVE-2005-1642
Concrete details found: CVE-2005-1642 affects Burning Board (Woltlab Burning Board) versions up to 2.3.1 and earlier. The vulnerability is an SQL Injection in the verify_email($email) function, allowing remote attackers to influence SQL queries via the $email variable and potentially access data ...
CVE-2006-1034
CVE-2006-1034 describes multiple cross-site scripting vulnerabilities in Woltlab Burning Board (wBB). The affected components are (1) galerie_index.php with the username parameter and (2) galerie_onfly.php, with the note that the second vector might not be XSS. Attacks can allow remote attackers ...
CVE-2006-1094
CVE-2006-1094 affects Woltlab Burning Board; the OpenVAS/NVD entries describe a SQL injection in the Database module. The vulnerable component is the Database module’s handling of the fileid parameter in info_db.php (and related database.php), which can allow remote SQL injection. The documents d...
CVE-2006-1324
CVE-2006-1324 describes a Cross-site Scripting (XSS) vulnerability in Woltlab Burning Board (wBB) 2.3.4, specifically in acp/lib/class_db_mysql.php. An attacker can inject arbitrary web script or HTML via the errormsg parameter when a SQL error is generated, potentially affecting users who view t...
CVE-2006-2569
The CVE covers a SQL injection in 4R Linklist 1.0 RC2 and earlier, a module for Woltlab Burning Board. The vulnerability lies in the links.php component where the cat parameter can be manipulated to cause arbitrary SQL execution. This exposes data via the database and can compromise integrity thr...
CVE-2005-0661
The CVE-2005-0661 entry affects Woltlab Burning Board 2.0.3 through 2.3.0. A SQL injection risk exists in the getwbbuserdata function in session.php, exploitable via the (1) userid or (2) lastvisit cookies, enabling an attacker to execute arbitrary SQL commands. The NVD metrics indicate a high ba...
CVE-2005-2673
CVE-2005-2673 concerns a SQL injection in the modcp.php script of Wol tlab Burning Board, affecting versions 2.2.2 and 2.3.3. The vulnerability arises from unsafely using user-supplied input in the queries for parameters (1) x and (2) y without proper sanitization, allowing remote authenticated a...
CVE-2005-1327
CVE-2005-1327 is a cross-site scripting vulnerability in Woltlab Burning Board 2.3.1 PL2 and earlier, affecting the pms.php script where the folderid parameter is not sanitized. The issue allows remote attackers to inject arbitrary HTML/script that is executed in a user’s browser within the conte...
CVE-2005-1285
CVE-2005-1285 affects WoltLab Burning Board (thread.php) and earlier 2.3.1, where an XSS flaw can be exploited via the hilight parameter to inject script/HTML. The vulnerability is rooted in insufficient input sanitization for hilight in thread.php. CVSS info from NVD shows a medium severity (3.0...
CVE-2006-5029
The CVE-2006-5029 entry describes an SQL injection in thread.php of WoltLab Burning Board (wBB) 2.3.x, allowing remote attackers to obtain the PHP, MySQL, and wBB version numbers via the page parameter. The report notes the issue may be a forced SQL error and that the original report was disputed...
CVE-2007-1443
CVE-2007-1443 covers multiple reflected cross-site scripting (XSS) vulnerabilities in Woltlab Burning Board (wBB) 2.3.6 and Burning Board Lite 1.0.2pl3e, exploitable via the register.php form fields (r_username, r_email, r_password, r_confirmpassword, r_homepage, …, r_timezoneoffset, r_usewysiwyg...
CVE-2002-1505
CVE-2002-1505 documents a SQL injection in the WoltLab Burning Board (wBB) 2.0 RC 1 and earlier. The vulnerability is in the board.php handler, exploitable via the boardid parameter, allowing remote attackers to modify the database and potentially gain privileges. This is supported by multiple so...
CVE-2006-3254
Woltlab Burning Board (WBB) 2.0 RC2 contains a SQL injection in newthread.php that allows remote attackers to execute arbitrary SQL commands via the boardid parameter. The vulnerability is described in CVE-2006-3254; original sources confirm the affected component and impact, but do not provide a...
CVE-2006-4317
CVE-2006-4317 affects WoltLab Burning Board (WBB) 2.3.5 in attachment.php. It is a cross-site scripting (XSS) vulnerability where a GIF image containing URL-encoded Javascript can be used to inject arbitrary script, with the impact described as partial confidentiality/integrity/availability in th...
CVE-2006-0927
CVE-2006-0927 describes multiple XSS vulnerabilities in the JGS-XA/JGS-Gallery Addon 4.0.0 and earlier for Woltlab Burning Board (wBB) 2.x. The issue arises in the parameters (1) userid of jgs_galerie_slideshow.php and jgs_galerie_scroll.php, and (2) katid of jgs_galerie_slideshow.php, allowing r...
CVE-2006-2792
The CVE-2006-2792 entry concerns Woltlab Burning Board (WBB) 2.3.4. A SQL injection flaw exists in misc.php that lets remote attackers manipulate the database by supplying a crafted sid parameter, enabling arbitrary SQL execution. This is documented in the NVD entry for CVE-2006-2792 and reflecte...
CVE-2006-3219
CVE-2006-3219 describes an SQL injection in thread.php of Woltlab Burning Board (WBB) 2.2.2, allowing remote attackers to execute arbitrary SQL via the threadid parameter. The issue affects the WBB component and under the provided documents yields a CVSS base score of 7.5 (HIGH) with network atta...
CVE-2006-3255
CVE-2006-3255 affects Woltlab Burning Board (WBB) 1.2. The vulnerability is a SQL injection in showmods.php via the boardid parameter, enabling remote attackers to execute arbitrary SQL commands. Exploitation details are not provided in the available documents. Affected component is showmods.php;...
CVE-2006-1215
The CVE-2006-1215 entry describes a Cross‑site Scripting (XSS) vulnerability in Woltlab Burning Board (wBB) version 2.3.4, specifically in misc.php via the percent parameter. The underlying issue is reflected XSS-type behavior (as per the description, including notes of dispute about the disclosu...
CVE-2006-3256
SQL injection vulnerability in report.php of Woltlab Burning Board (WBB ) 2.3.1 allows remote attackers to execute arbitrary SQL commands via the postid parameter. Root cause: likely improper input handling in the postid field. Exploitation details are not provided in the connected documents. No ...
CVE-2007-1518
The CVE-2007-1518 entry describes a SQL injection in Woltlab Burning Board (wBB) 2.x, via usergroups.php where an attacker can manipulate the array index of applicationids to execute arbitrary SQL. The root cause is input handling that allows SQL commands through an array index, enabling remote e...
CVE-2008-0472
The CVE-2008-0472 entry concerns Woltlab Burning Board (wBB) 2.3.6 PL2. The vulnerable component is modcp.php, where a cross-site request forgery (CSRF) can cause thread deletion by a moderator or administrator via a thread_del action. The exploit does not require authentication, aligning with th...
CVE-2006-3218
The CVE-2006-3218 entry concerns Woltlab Burning Board (WBB) 2.1.6, where the profile.php component is vulnerable to SQL injection via the userid parameter. The root cause is improper handling of the userid input, enabling remote attackers to inject arbitrary SQL commands. The vulnerability is de...
CVE-2008-1716
Vulnerability summary (CVE-2008-1716): The issue is a cross-site scripting (XSS) flaw in WoltLab Community Framework (WCF) 1.0.6 within WoltLab Burning Board 3.0.5. It allows remote attackers to inject arbitrary web script or HTML via the (1) page and (2) form parameters, which are echoed back in...
CVE-2002-2021
CVE-2002-2021 affects WoltLab Burning Board (wbboard) 1.1.1 with a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the message parameter. Multiple connected sources (Red Hat, CVE records, NVD/NIST, CVE List) corroborate the issue. T...
CVE-2006-3220
CVE-2006-3220 describes a SQL injection in the file studienplatztausch.php of Woltlab Burning Board (WBB) 2.2.1. The vulnerability allows remote attackers to craft input to the sid parameter and execute arbitrary SQL commands on the backend database. The available sources confirm the affected pro...
CVE-2002-0903
WoltLab Burning Board (wbboard) 1.1.1 is affected. The register.php flow uses a small set of random values for the code parameter passed to action.php to approve registrations, together with predictable new user IDs, enabling remote attackers to hijack new user accounts through brute-forcing the ...
CVE-2008-0857
This entry covers CVE-2008-0857: a SQL injection in WoltLab Burning Board 3.0.3 PL 1’s index.php, exploitable through the sortOrder parameter on the PMList page. The underlying flaw is an injectable SQL command path in the application’s handling of that parameter, allowing remote attackers to imp...
CVE-2008-1717
CVE-2008-1717 affects WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5. The vulnerability allows remote attackers to obtain the full file path via invalid (1) page and (2) form parameters, which leaks the path from an exception handler when a valid class cannot be found. Thi...