Vulnerability Details CVE-2006-1094
SQL injection vulnerability in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allows remote attackers to execute arbitrary SQL commands via the fileid parameter to (1) info_db.php or (2) database.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://www.nukedx.com/?viewdoc=17
- http://www.osvdb.org/23808
- http://www.osvdb.org/23810
- http://www.securityfocus.com/archive/1/426583
- http://www.securityfocus.com/bid/16914
- http://www.nukedx.com/?viewdoc=17
- http://www.osvdb.org/23808
- http://www.osvdb.org/23810
- http://www.securityfocus.com/archive/1/426583
- http://www.securityfocus.com/bid/16914
Products affected by CVE-2006-1094
-
cpe:2.3:a:datenbank_module:datenbank_module:*
-
cpe:2.3:a:woltlab:burning_board:1.1.1
-
cpe:2.3:a:woltlab:burning_board:2.0_beta_3
-
cpe:2.3:a:woltlab:burning_board:2.0_beta_4
-
cpe:2.3:a:woltlab:burning_board:2.0_beta_5
-
cpe:2.3:a:woltlab:burning_board:2.0_rc1
-
cpe:2.3:a:woltlab:burning_board:2.0_rc2
-
cpe:2.3:a:woltlab:burning_board:2.2.2
-
cpe:2.3:a:woltlab:burning_board:2.3.1
-
cpe:2.3:a:woltlab:burning_board:2.3.3
-
cpe:2.3:a:woltlab:burning_board:2.4
-
cpe:2.3:a:woltlab:burning_board:2.5
-
cpe:2.3:a:woltlab:burning_board:2.6
-
cpe:2.3:a:woltlab:burning_board:2.7