3 matches found
CVE-2005-0284
CVE-2005-0284 describes a SQL injection vulnerability in Woltlab Burning Book 1.0 Gold and 1.1.1e (and possibly other versions) where the addentry.php script mishandles the user-agent parameter, allowing remote attackers to execute arbitrary SQL commands. The provided sources state the affected c...
CVE-2006-5509
The CVE concerns WoltLab Burning Book 1.1.2, where an eval injection vulnerability in addentry.php allows remote code execution. The issue arises when crafted POST data stores PHP code in the database, which is later processed by eval. The exploitation path is demonstrated via SQL injection throu...
CVE-2006-5508
The CVE-2006-5508 entry relates to WoltLab Burning Book 1.1.2, where multiple SQL injection vulnerabilities exist in addentry.php. The root cause is improper handling of input in the addentry functionality, allowing attackers to craft requests via the n parameter and the User-Agent HTTP header to...