{"api_version":"1","generated_at":"2026-06-20T12:36:56+00:00","cve":"CVE-2008-4627","urls":{"html":"https://cve.report/CVE-2008-4627","api":"https://cve.report/api/cve/CVE-2008-4627.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2008-4627","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2008-4627"},"summary":{"title":"CVE-2008-4627","description":"SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab Burning Board (WBB) allows remote attackers to execute arbitrary SQL commands via the itemID parameter in the RGalleryImageWrapper page in index.php.","state":"PUBLISHED","assigner":"mitre","published_at":"2008-10-21 01:18:02","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-89","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://secunia.com/advisories/32323","name":"http://secunia.com/advisories/32323","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Woltlab Burning Board rGallery \"itemID\" SQL Injection Vulnerability - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.exploit-db.com/exploits/6790","name":"https://www.exploit-db.com/exploits/6790","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"WBB Plugin rGallery 1.09 (itemID) Blind SQL Injection Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/45966","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/45966","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/31820","name":"http://www.securityfocus.com/bid/31820","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Woltlab Burning Board rGallery Plugin 'itemID' Parameter SQL Injection Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://securityreason.com/securityalert/4443","name":"http://securityreason.com/securityalert/4443","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"WBB Plugin rGallery 1.09 (itemID) Blind SQL Injection Exploit - CXSecurity.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2008-4627","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-4627","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2008","cve_id":"4627","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"rgallery","cpe5":"rgallery_plugin","cpe6":"1.09","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"4627","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"woltlab","cpe5":"woltlab_burning_board","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T10:24:20.695Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"32323","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/32323"},{"name":"4443","tags":["third-party-advisory","x_refsource_SREASON","x_transferred"],"url":"http://securityreason.com/securityalert/4443"},{"name":"31820","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/31820"},{"name":"6790","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/6790"},{"name":"rgallery-index-sql-injection(45966)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/45966"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2008-10-20T00:00:00.000Z","descriptions":[{"lang":"en","value":"SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab Burning Board (WBB) allows remote attackers to execute arbitrary SQL commands via the itemID parameter in the RGalleryImageWrapper page in index.php."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-09-28T12:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"32323","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/32323"},{"name":"4443","tags":["third-party-advisory","x_refsource_SREASON"],"url":"http://securityreason.com/securityalert/4443"},{"name":"31820","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/31820"},{"name":"6790","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/6790"},{"name":"rgallery-index-sql-injection(45966)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/45966"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2008-4627","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab Burning Board (WBB) allows remote attackers to execute arbitrary SQL commands via the itemID parameter in the RGalleryImageWrapper page in index.php."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"32323","refsource":"SECUNIA","url":"http://secunia.com/advisories/32323"},{"name":"4443","refsource":"SREASON","url":"http://securityreason.com/securityalert/4443"},{"name":"31820","refsource":"BID","url":"http://www.securityfocus.com/bid/31820"},{"name":"6790","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/6790"},{"name":"rgallery-index-sql-injection(45966)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/45966"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2008-4627","datePublished":"2008-10-21T00:00:00.000Z","dateReserved":"2008-10-20T00:00:00.000Z","dateUpdated":"2024-08-07T10:24:20.695Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2008-10-21 01:18:02","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-89","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:rgallery:rgallery_plugin:1.09:*:*:*:*:*:*:*","matchCriteriaId":"B719B8E2-7B71-4C5E-8D39-670C9F78953F"},{"vulnerable":false,"criteria":"cpe:2.3:a:woltlab:woltlab_burning_board:*:*:*:*:*:*:*:*","matchCriteriaId":"FD30EC58-8914-4395-A40F-04FD95D26C9F"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2008","CveId":"4627","Ordinal":"1","Title":"CVE-2008-4627","CVE":"CVE-2008-4627","Year":"2008"},"notes":[{"CveYear":"2008","CveId":"4627","Ordinal":"1","NoteData":"SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab Burning Board (WBB) allows remote attackers to execute arbitrary SQL commands via the itemID parameter in the RGalleryImageWrapper page in index.php.","Type":"Description","Title":"CVE-2008-4627"},{"CveYear":"2008","CveId":"4627","Ordinal":"2","NoteData":"2008-10-20","Type":"Other","Title":"Published"},{"CveYear":"2008","CveId":"4627","Ordinal":"3","NoteData":"2017-09-28","Type":"Other","Title":"Modified"}]}}}