Filtered by vendor Woltlab Subscriptions

Search

Switch to Advanced Search (Beta)
Total 46 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2006-1094 2 Datenbank Module, Woltlab 2 Datenbank Module, Burning Board 2025-04-03 N/A
SQL injection vulnerability in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allows remote attackers to execute arbitrary SQL commands via the fileid parameter to (1) info_db.php or (2) database.php.
CVE-2002-0903 1 Woltlab 1 Burning Board 2025-04-03 N/A
register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small number of random values for the "code" parameter that is provided to action.php to approve a new registration, along with predictable new user ID's, which allows remote attackers to hijack new user accounts via a brute force attack on the new user ID and the code value.
CVE-2002-1505 1 Woltlab 1 Burning Board 2025-04-03 N/A
SQL injection vulnerability in board.php for WoltLab Burning Board (wBB) 2.0 RC 1 and earlier allows remote attackers to modify the database and possibly gain privileges via the boardid parameter.
CVE-2005-0284 1 Woltlab 1 Burning Book 2025-04-03 N/A
SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the user-agent parameter.
CVE-2006-1215 1 Woltlab 1 Burning Board 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in misc.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the percent parameter. NOTE: this issue has been disputed in a followup post, although the original disclosure might be related to reflected XSS.
CVE-2005-3369 1 Woltlab 1 Burning Board 2025-04-03 N/A
Multiple SQL injection vulnerabilities in the Info-DB module (info_db.php) in Woltlab Burning Board 2.7 and earlier allow remote attackers to execute arbitrary SQL commands and possibly upload files via the (1) fileid and (2) subkatid parameters.