CVE-2006-1094

Datenbank Module < 2.7 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allows remote attackers to execute arbitrary SQL commands via the fileid parameter to (1) info_db.php or (2) database.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by nukedx · perlwebappsphp

https://www.exploit-db.com/exploits/1544

View Code ZIP pw:eip

References (5)

[Exploit] http://www.securityfocus.com/archive/1/426583

[Third Party Advisory, VDB Entry] http://www.osvdb.org/23810

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/16914

[Third Party Advisory, VDB Entry] http://www.osvdb.org/23808

[Various Sources] http://www.nukedx.com/?viewdoc=17

Scores

EPSS 0.0071

EPSS Percentile 72.4%

Details

Status published

Products (14)

datenbank_module/datenbank_module < 2.7

woltlab/burning_board 1.1.1

woltlab/burning_board 2.0_beta_3

woltlab/burning_board 2.0_beta_4

woltlab/burning_board 2.0_beta_5

woltlab/burning_board 2.0_rc1

woltlab/burning_board 2.0_rc2

woltlab/burning_board 2.2.2

woltlab/burning_board 2.3.1

woltlab/burning_board 2.3.3

... and 4 more

Published Mar 09, 2006

Tracked Since Feb 18, 2026