Vulnerability Details CVE-2006-5029
SQL injection vulnerability in thread.php in WoltLab Burning Board (wBB) 2.3.x allows remote attackers to obtain the version numbers of PHP, MySQL, and wBB via the page parameter. NOTE: this issue might be a forced SQL error. Also, the original report was disputed by a third party for 2.3.3 and 2.3.4.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://www.securityfocus.com/archive/1/446743/100/0/threaded
- http://www.securityfocus.com/archive/1/446937/100/0/threaded
- http://www.securityfocus.com/archive/1/446938/100/100/threaded
- http://www.securityfocus.com/archive/1/447069/100/100/threaded
- http://www.securityfocus.com/archive/1/446743/100/0/threaded
- http://www.securityfocus.com/archive/1/446937/100/0/threaded
- http://www.securityfocus.com/archive/1/446938/100/100/threaded
- http://www.securityfocus.com/archive/1/447069/100/100/threaded
Products affected by CVE-2006-5029
-
cpe:2.3:a:woltlab:burning_board:2.3.0
-
cpe:2.3:a:woltlab:burning_board:2.3.1
-
cpe:2.3:a:woltlab:burning_board:2.3.2
-
cpe:2.3:a:woltlab:burning_board:2.3.3
-
cpe:2.3:a:woltlab:burning_board:2.3.4
-
cpe:2.3:a:woltlab:burning_board:2.3.5