CVE-2006-5029
published 2006-09-27CVE-2006-5029: SQL injection vulnerability in thread.php in WoltLab Burning Board (wBB) 2.3.x allows remote attackers to obtain the version numbers of PHP, MySQL, and wBB via…
PriorityP428high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
1.16%
63.2th percentile
SQL injection vulnerability in thread.php in WoltLab Burning Board (wBB) 2.3.x allows remote attackers to obtain the version numbers of PHP, MySQL, and wBB via the page parameter. NOTE: this issue might be a forced SQL error. Also, the original report was disputed by a third party for 2.3.3 and 2.3.4.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| woltlab | burning_board | — | — |
| woltlab | burning_board | — | — |
| woltlab | burning_board | — | — |
| woltlab | burning_board | — | — |
| woltlab | burning_board | — | — |
| woltlab | burning_board | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
WoltLab Burning Board 2.3.x thread.php page sql injection
vuldb·2026-04-23·CVSS 7.5
CVE-2006-5029 [HIGH] WoltLab Burning Board 2.3.x thread.php page sql injection
A vulnerability identified as critical has been detected in WoltLab Burning Board 2.3.x. The affected element is an unknown function of the file thread.php. The manipulation of the argument page leads to sql injection.
This vulnerability is traded as CVE-2006-5029. It is possible to initiate the attack remotely. There is no exploit available.
The existence of this vulnerability is still disputed at present.
GHSA
GHSA-2f24-pwmq-42fq: SQL injection vulnerability in thread
ghsa_unreviewed·2022-05-01
CVE-2006-5029 [HIGH] GHSA-2f24-pwmq-42fq: SQL injection vulnerability in thread
SQL injection vulnerability in thread.php in WoltLab Burning Board (wBB) 2.3.x allows remote attackers to obtain the version numbers of PHP, MySQL, and wBB via the page parameter. NOTE: this issue might be a forced SQL error. Also, the original report was disputed by a third party for 2.3.3 and 2.3.4.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/archive/1/446743/100/0/threadedhttp://www.securityfocus.com/archive/1/446937/100/0/threadedhttp://www.securityfocus.com/archive/1/446938/100/100/threadedhttp://www.securityfocus.com/archive/1/447069/100/100/threadedhttp://www.securityfocus.com/archive/1/446743/100/0/threadedhttp://www.securityfocus.com/archive/1/446937/100/0/threadedhttp://www.securityfocus.com/archive/1/446938/100/100/threadedhttp://www.securityfocus.com/archive/1/447069/100/100/threaded
2006-09-27
Published