CVE-2006-3255

Woltlab Burning Board 1.2 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3255. PoCs published by CrAzY CrAcKeR.

AI-analyzed exploit summary The provided text describes a SQL injection vulnerability in WoltLab Burning Board, where the 'boardid' parameter in 'showmods.php' is not properly sanitized. It lacks actual exploit code, serving only as a vulnerability description.

Description

SQL injection vulnerability in showmods.php in Woltlab Burning Board (WBB) 1.2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by CrAzY CrAcKeR · textwebappsphp

https://www.exploit-db.com/exploits/28091

View Code ZIP pw:eip

The provided text describes a SQL injection vulnerability in WoltLab Burning Board, where the 'boardid' parameter in 'showmods.php' is not properly sanitized. It lacks actual exploit code, serving only as a vulnerability description.

Classification

Writeup 80%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: WoltLab Burning Board (version unspecified)

No auth needed

Prerequisites: Access to the vulnerable endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/438184

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/18597

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/27353

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/1153

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1016374

Scores

EPSS 0.0111

EPSS Percentile 61.6%

Details

Status published

Products (1)

woltlab/burning_board 1.2

Published Jun 28, 2006

Tracked Since Feb 18, 2026