Description
Multiple SQL injection vulnerabilities in the Info-DB module (info_db.php) in Woltlab Burning Board 2.7 and earlier allow remote attackers to execute arbitrary SQL commands and possibly upload files via the (1) fileid and (2) subkatid parameters.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
https://www.exploit-db.com/exploits/26425
References (7)
Scores
EPSS
0.0060
EPSS Percentile
69.7%
Details
Status
published
Published
Oct 30, 2005
Tracked Since
Feb 18, 2026