{"api_version":"1","generated_at":"2026-06-20T12:37:35+00:00","cve":"CVE-2009-2311","urls":{"html":"https://cve.report/CVE-2009-2311","api":"https://cve.report/api/cve/CVE-2009-2311.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2009-2311","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2009-2311"},"summary":{"title":"CVE-2009-2311","description":"SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab Burning Board (WBB3) allows remote attackers to execute arbitrary SQL commands via the userID parameter in the RGalleryUserGallery page to index.php, a different vector than CVE-2008-4627.","state":"PUBLISHED","assigner":"mitre","published_at":"2009-07-02 10:30:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-89","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://www.exploit-db.com/exploits/8254","name":"http://www.exploit-db.com/exploits/8254","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"WBB3 rGallery 1.2.3 (UserGallery) Blind SQL Injection Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/49351","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/49351","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/34194","name":"http://www.securityfocus.com/bid/34194","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"WBB3 rGallery 'userID' Parameter SQL Injection Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2009-2311","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-2311","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2009","cve_id":"2311","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"selbstzweck","cpe5":"rgallery_plugin","cpe6":"1.2.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"2311","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"woltlab","cpe5":"burning_board","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T05:44:55.950Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"rgallery-userid-sql-injection(49351)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/49351"},{"name":"8254","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"http://www.exploit-db.com/exploits/8254"},{"name":"34194","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/34194"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2009-03-23T00:00:00.000Z","descriptions":[{"lang":"en","value":"SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab Burning Board (WBB3) allows remote attackers to execute arbitrary SQL commands via the userID parameter in the RGalleryUserGallery page to index.php, a different vector than CVE-2008-4627."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-09-18T12:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"rgallery-userid-sql-injection(49351)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/49351"},{"name":"8254","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"http://www.exploit-db.com/exploits/8254"},{"name":"34194","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/34194"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2009-2311","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab Burning Board (WBB3) allows remote attackers to execute arbitrary SQL commands via the userID parameter in the RGalleryUserGallery page to index.php, a different vector than CVE-2008-4627."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"rgallery-userid-sql-injection(49351)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/49351"},{"name":"8254","refsource":"EXPLOIT-DB","url":"http://www.exploit-db.com/exploits/8254"},{"name":"34194","refsource":"BID","url":"http://www.securityfocus.com/bid/34194"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2009-2311","datePublished":"2009-07-02T10:00:00.000Z","dateReserved":"2009-07-02T00:00:00.000Z","dateUpdated":"2024-08-07T05:44:55.950Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2009-07-02 10:30:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-89","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:selbstzweck:rgallery_plugin:1.2.3:*:*:*:*:*:*:*","matchCriteriaId":"A9BEB1C5-5C45-49CA-B20E-C8B128CAB458"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:a:woltlab:burning_board:*:*:*:*:*:*:*:*","matchCriteriaId":"EC273A0A-B0E7-4C9D-9AE5-85542E9A205B"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2009","CveId":"2311","Ordinal":"1","Title":"CVE-2009-2311","CVE":"CVE-2009-2311","Year":"2009"},"notes":[{"CveYear":"2009","CveId":"2311","Ordinal":"1","NoteData":"SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab Burning Board (WBB3) allows remote attackers to execute arbitrary SQL commands via the userID parameter in the RGalleryUserGallery page to index.php, a different vector than CVE-2008-4627.","Type":"Description","Title":"CVE-2009-2311"},{"CveYear":"2009","CveId":"2311","Ordinal":"2","NoteData":"2009-07-02","Type":"Other","Title":"Published"},{"CveYear":"2009","CveId":"2311","Ordinal":"3","NoteData":"2017-09-18","Type":"Other","Title":"Modified"}]}}}