{"api_version":"1","generated_at":"2026-06-20T12:37:31+00:00","cve":"CVE-2007-6518","urls":{"html":"https://cve.report/CVE-2007-6518","api":"https://cve.report/api/cve/CVE-2007-6518.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-6518","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-6518"},"summary":{"title":"CVE-2007-6518","description":"Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e allow remote attackers to execute arbitrary SQL commands via the (1) showposts, (2) sortby, and (3) sortorder parameters.","state":"PUBLISHED","assigner":"mitre","published_at":"2007-12-24 20:46:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-89","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.securityfocus.com/archive/1/485408/100/0/threaded","name":"http://www.securityfocus.com/archive/1/485408/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/26973","name":"http://www.securityfocus.com/bid/26973","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"Woltlab Burning Board Lite Search.PHP Multiple SQL Injection Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39174","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39174","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/39497","name":"http://www.osvdb.org/39497","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://secunia.com/advisories/28188","name":"http://secunia.com/advisories/28188","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Woltlab Burning Board Lite \"search.php\" SQL Injection Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/4300","name":"http://www.vupen.com/english/advisories/2007/4300","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-6518","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-6518","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"6518","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"woltlab","cpe5":"burning_board_lite","cpe6":"1.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"6518","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"woltlab","cpe5":"burning_board_lite","cpe6":"1.0.2_pl3e","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T16:11:05.709Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"woltlab-search-sql-injection(39174)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39174"},{"name":"20071220 Woltlab Burning Board 1.0.2 SQL-Injection Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/485408/100/0/threaded"},{"name":"ADV-2007-4300","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2007/4300"},{"name":"28188","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/28188"},{"name":"26973","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/26973"},{"name":"39497","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/39497"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-12-20T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e allow remote attackers to execute arbitrary SQL commands via the (1) showposts, (2) sortby, and (3) sortorder parameters."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-15T20:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"woltlab-search-sql-injection(39174)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39174"},{"name":"20071220 Woltlab Burning Board 1.0.2 SQL-Injection Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/485408/100/0/threaded"},{"name":"ADV-2007-4300","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2007/4300"},{"name":"28188","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/28188"},{"name":"26973","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/26973"},{"name":"39497","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/39497"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-6518","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e allow remote attackers to execute arbitrary SQL commands via the (1) showposts, (2) sortby, and (3) sortorder parameters."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"woltlab-search-sql-injection(39174)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39174"},{"name":"20071220 Woltlab Burning Board 1.0.2 SQL-Injection Vulnerability","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/485408/100/0/threaded"},{"name":"ADV-2007-4300","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/4300"},{"name":"28188","refsource":"SECUNIA","url":"http://secunia.com/advisories/28188"},{"name":"26973","refsource":"BID","url":"http://www.securityfocus.com/bid/26973"},{"name":"39497","refsource":"OSVDB","url":"http://www.osvdb.org/39497"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-6518","datePublished":"2007-12-24T20:00:00.000Z","dateReserved":"2007-12-24T00:00:00.000Z","dateUpdated":"2024-08-07T16:11:05.709Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-12-24 20:46:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-89","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:woltlab:burning_board_lite:1.0.2:*:*:*:*:*:*:*","matchCriteriaId":"47A4FDEE-C9F9-4F17-98CB-5F9714041C19"},{"vulnerable":true,"criteria":"cpe:2.3:a:woltlab:burning_board_lite:1.0.2_pl3e:*:*:*:*:*:*:*","matchCriteriaId":"95D354C3-ACC4-430F-A659-379517BC62F5"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"6518","Ordinal":"1","Title":"CVE-2007-6518","CVE":"CVE-2007-6518","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"6518","Ordinal":"1","NoteData":"Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e allow remote attackers to execute arbitrary SQL commands via the (1) showposts, (2) sortby, and (3) sortorder parameters.","Type":"Description","Title":"CVE-2007-6518"},{"CveYear":"2007","CveId":"6518","Ordinal":"2","NoteData":"2007-12-24","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"6518","Ordinal":"3","NoteData":"2018-10-15","Type":"Other","Title":"Modified"}]}}}