cbcvebase.

Woltlab Burning Board Lite vulnerabilities

6 known vulnerabilities affecting woltlab/burning_board_lite.

Total CVEs
6
CISA KEV
0
Public exploits
4
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM3

Vulnerabilities

Page 1 of 1
CVE-2007-6518P3HIGHCVSS 7.5PoCv1.0.2v1.0.2_pl3e2007-12-24
CVE-2007-6518 [HIGH] CWE-89 CVE-2007-6518: Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e allow remote attackers to execute arbitrary SQL commands via the (1) showposts, (2) sortby, and (3) sortorder parameters.
nvd
CVE-2006-6237P3HIGHCVSS 7.5PoCv1.0.22006-12-03
CVE-2006-6237 [HIGH] CVE-2006-6237: SQL injection vulnerability in the decode_cookie function in thread.php in Woltlab Burning Board Lit SQL injection vulnerability in the decode_cookie function in thread.php in Woltlab Burning Board Lite 1.0.2 allows remote attackers to execute arbitrary SQL commands via the threadvisit Cookie parameter.
nvd
CVE-2007-0812P3HIGHCVSS 7.5PoCv1.0.0v1.0.1e+2 more2007-02-07
CVE-2007-0812 [HIGH] CVE-2007-0812: SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) Lite 1.0.2pl3e and earlier all SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) Lite 1.0.2pl3e and earlier allows remote authenticated users to execute arbitrary SQL commands via the pmid[0] parameter.
nvd
CVE-2006-6289P3MEDIUMCVSS 6.8PoCv1.0.22006-12-05
CVE-2006-6289 [MEDIUM] CVE-2006-6289: Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data include Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbb_userid parameter to the top-level URI. NOTE: it could be argued that this vulnerability is due to a b
nvd
CVE-2008-1323P4MEDIUMCVSS 6.8v2.02008-03-13
CVE-2008-1323 [MEDIUM] CWE-352 CVE-2008-1323: Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board Lite (wBB) 2 B Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board Lite (wBB) 2 Beta 1 allows remote attackers to delete threads as other users via the ThreadDelete action.
nvd
CVE-2007-1443P4MEDIUMCVSS 4.3v1.0.2_pl3e2007-03-14
CVE-2007-1443 [MEDIUM] CWE-79 CVE-2007-1443: Multiple cross-site scripting (XSS) vulnerabilities in register.php in Woltlab Burning Board (wBB) 2 Multiple cross-site scripting (XSS) vulnerabilities in register.php in Woltlab Burning Board (wBB) 2.3.6 and Burning Board Lite 1.0.2pl3e allow remote attackers to inject arbitrary web script or HTML via the (1) r_username, (2) r_email, (3) r_password, (4) r_confirmpassword, (5) r_homepage, (6) r_icq, (7) r_aim, (8) r_yim, (9) r_msn, (10) r_year, (11)
nvd
Woltlab Burning Board Lite vulnerabilities | cvebase