CVE-2006-3254

Woltlab Burning Board 2.0 RC2 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3254. PoCs published by CrAzY CrAcKeR.

AI-analyzed exploit summary The provided text describes a SQL injection vulnerability in WoltLab Burning Board, where the 'boardid' parameter in 'newthread.php' is not properly sanitized. It lacks actual exploit code but references the vulnerability details.

Description

SQL injection vulnerability in newthread.php in Woltlab Burning Board (WBB) 2.0 RC2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by CrAzY CrAcKeR · textwebappsphp

https://www.exploit-db.com/exploits/28089

View Code ZIP pw:eip

The provided text describes a SQL injection vulnerability in WoltLab Burning Board, where the 'boardid' parameter in 'newthread.php' is not properly sanitized. It lacks actual exploit code but references the vulnerability details.

Classification

Writeup 80%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: WoltLab Burning Board

No auth needed

Prerequisites: Access to the vulnerable endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/1154

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/18597

Exploit mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/438252

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/27350

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1016374

Scores

EPSS 0.0111

EPSS Percentile 61.6%

Details

Status published

Products (1)

woltlab/burning_board 2.0_rc2

Published Jun 28, 2006

Tracked Since Feb 18, 2026