Vulnerability Details CVE-2006-6237
SQL injection vulnerability in the decode_cookie function in thread.php in Woltlab Burning Board Lite 1.0.2 allows remote attackers to execute arbitrary SQL commands via the threadvisit Cookie parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.3%
CVSS Severity
CVSS v2 Score 7.5
References
- http://retrogod.altervista.org/wbblite_102_sql_mqg_bypass.html
- http://secunia.com/advisories/23077
- http://securityreason.com/securityalert/1955
- http://www.securityfocus.com/archive/1/452561/100/0/threaded
- http://www.vupen.com/english/advisories/2006/4694
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30561
- https://www.exploit-db.com/exploits/2841
- http://retrogod.altervista.org/wbblite_102_sql_mqg_bypass.html
- http://secunia.com/advisories/23077
- http://securityreason.com/securityalert/1955
- http://www.securityfocus.com/archive/1/452561/100/0/threaded
- http://www.vupen.com/english/advisories/2006/4694
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30561
- https://www.exploit-db.com/exploits/2841
Products affected by CVE-2006-6237
-
cpe:2.3:a:woltlab:burning_board_lite:1.0.2