WoltLab Burning Board/Burning Board Lite Session.PHP Multiple SQL Injection Vulnerabilities
BID:12718
Info
| Bugtraq ID: | 12718 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 03 2005 12:00AM |
| Updated: | Mar 03 2005 12:00AM |
| Credit: | The vendor announced this vulnerability. |
| Vulnerable: | Woltlab Burning Board Lite 1.0.1 e; Woltlab Burning Board Lite 1.0 .0; Woltlab Burning Board 2.0 RC2; Woltlab Burning Board 2.0 RC1; Woltlab Burning Board 2.0 beta 5; Woltlab Burning Board 2.0 beta 4; Woltlab Burning Board 2.0 beta 3; Woltlab Burning Board 1.1.1 |
| Not Vulnerable: | |
Discussion
WoltLab Burning Board and Burning Board Lite are reported to be prone to multiple SQL injection vulnerabilities. The vulnerabilities exist in the 'session.php' script.
An attacker may leverage these issues to manipulate SQL query strings and potentially carry out arbitrary database queries. This may facilitate the disclosure or corruption of sensitive database information.
Exploit / POC
No exploit is required.
Solution / Fix
Solution:
The vendor has released updates to address these vulnerabilities:
Woltlab Burning Board Lite 1.0 .0
- WoltLab wbblite102pl1e.zip
  http://www.woltlab.org/dl/wbblite102pl1e.zip

Woltlab Burning Board Lite 1.0.1 e
- WoltLab wbblite102pl1e.zip
  http://www.woltlab.org/dl/wbblite102pl1e.zip

Woltlab Burning Board 1.1.1
- WoltLab Burning Board Patch
  A valid support contract is required to obtain this patch.
  http://www.woltlab.de/members/?l=en

Woltlab Burning Board 2.0 beta 5
- WoltLab Burning Board Patch
  A valid support contract is required to obtain this patch.
  http://www.woltlab.de/members/?l=en

Woltlab Burning Board 2.0 beta 3
- WoltLab Burning Board Patch
  A valid support contract is required to obtain this patch.
  http://www.woltlab.de/members/?l=en

Woltlab Burning Board 2.0 RC2
- WoltLab Burning Board Patch
  A valid support contract is required to obtain this patch.
  http://www.woltlab.de/members/?l=en

Woltlab Burning Board 2.0 beta 4
- WoltLab Burning Board Patch
  A valid support contract is required to obtain this patch.
  http://www.woltlab.de/members/?l=en

Woltlab Burning Board 2.0 RC1
- WoltLab Burning Board Patch
  A valid support contract is required to obtain this patch.
  http://www.woltlab.de/members/?l=en
References
References:
- CityForFree Product Page (CityForFree)
- Security Update for Burning Board 2 and Burning Board Lite released (WoltLab)