Woltlab Burning Board vulnerabilities
31 known vulnerabilities affecting woltlab/burning_board.
Total CVEs: 31
CISA KEV: 0
Public exploits: 18
Exploited in wild: 0
Severity breakdown: HIGH 18, MEDIUM 12, LOW 1
Vulnerabilities
Page 2 of 2
CVE-2006-3218 | P4 | HIGH | CVSS 7.5 | v2.1.6 | 2006-06-24
SQL injection vulnerability in profile.php in Woltlab Burning Board (WBB) 2.1.6 allows remote attackers to execute arbitrary SQL commands via the userid parameter.
nvd
CVE-2006-3220 | P4 | HIGH | CVSS 7.5 | v2.2.1 | 2006-06-24
SQL injection vulnerability in studienplatztausch.php in Woltlab Burning Board (WBB) 2.2.1 allows remote attackers to execute arbitrary SQL commands via the sid parameter.
nvd
CVE-2005-0661 | P4 | HIGH | CVSS 7.5 | v2.0.3, v2.1.5, +2 more | 2005-05-02
SQL injection vulnerability in the getwbbuserdata function in session.php for Woltlab Burning Board 2.0.3 through 2.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) lastvisit cookie.
nvd
CVE-2006-5029 | P4 | HIGH | CVSS 7.5 | v2.3.0, v2.3.1, +4 more | 2006-09-27
SQL injection vulnerability in thread.php in WoltLab Burning Board (wBB) 2.3.x allows remote attackers to obtain the version numbers of PHP, MySQL, and wBB via the page parameter. NOTE: this issue might be a forced SQL error. Also, the original report was disputed by a third party for 2.3.3 and 2.3.4.
nvd
CVE-2002-0903 | P4 | HIGH | CVSS 7.5 | v1.1.1 | 2002-10-04
register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small number of random values for the "code" parameter that is provided to action.php to approve a new registration, along with predictable new user IDs, which allows remote attackers to hijack new user accounts via a brute force attack on the new user ID and the code value.
nvd
CVE-2006-4317 | P4 | MEDIUM | CVSS 6.8 | v2.3.5 | 2006-08-24
Cross-site scripting (XSS) vulnerability in attachment.php in WoltLab Burning Board (WBB) 2.3.5 allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded JavaScript.
nvd
CVE-2007-1443 | P4 | MEDIUM | CWE-79 | CVSS 4.3 | v2.3.6 | 2007-03-14
Multiple cross-site scripting (XSS) vulnerabilities in register.php in Woltlab Burning Board (wBB) 2.3.6 and Burning Board Lite 1.0.2pl3e allow remote attackers to inject arbitrary web script or HTML via the (1) r_username, (2) r_email, (3) r_password, (4) r_confirmpassword, (5) r_homepage, (6) r_icq, (7) r_aim, (8) r_yim, (9) r_msn, (10) r_year, (11)
nvd
CVE-2008-1717 | P4 | MEDIUM | CWE-200 | CVSS 5.0 | v3.0.5 | 2008-04-09
WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to obtain the full path via invalid (1) page and (2) form parameters, which leaks the path from an exception handler when a valid class cannot be found.
nvd
CVE-2008-1716 | P4 | MEDIUM | CWE-79 | CVSS 4.3 | v3.0.5 | 2008-04-09
Cross-site scripting (XSS) vulnerability in WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the (1) page and (2) form parameters, which are not properly handled when they are reflected back in an error message.
nvd
CVE-2005-1327 | P4 | MEDIUM | CVSS 4.3 | ≤ 2.3.1 | 2005-05-02
Cross-site scripting (XSS) vulnerability in pms.php for Woltlab Burning Board 2.3.1 PL2 and earlier allows remote attackers to inject arbitrary web script or HTML via the folderid parameter.
nvd
CVE-2008-0472 | P4 | MEDIUM | CWE-352 | CVSS 4.3 | v2.3.6_pl2 | 2008-01-29
Cross-site request forgery (CSRF) vulnerability in modcp.php in Woltlab Burning Board (wBB) 2.3.6 PL2 allows remote attackers to delete threads as moderators or administrators via a thread_del action.
nvd