CVE-2006-3256

Woltlab Burning Board <2.3.1 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3256. PoCs published by CrAzY CrAcKeR.

AI-analyzed exploit summary The provided text describes a SQL injection vulnerability in WoltLab Burning Board, where the 'postid' parameter in 'report.php' is not properly sanitized. It lacks actual exploit code but references the vulnerability details.

Description

SQL injection vulnerability in report.php in Woltlab Burning Board (WBB) 2.3.1 allows remote attackers to execute arbitrary SQL commands via the postid parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by CrAzY CrAcKeR · textwebappsphp

https://www.exploit-db.com/exploits/28090

View Code ZIP pw:eip

The provided text describes a SQL injection vulnerability in WoltLab Burning Board, where the 'postid' parameter in 'report.php' is not properly sanitized. It lacks actual exploit code but references the vulnerability details.

Classification

Writeup 80%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: WoltLab Burning Board

No auth needed

Prerequisites: Access to the vulnerable endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/18597

Exploit mailing-list x_refsource_bugtraq

http://seclists.org/lists/bugtraq/2006/Jun/0614.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/27351

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1016374

Scores

EPSS 0.0111

EPSS Percentile 61.7%

Details

Status published

Products (1)

woltlab/burning_board 2.3.1

Published Jun 28, 2006

Tracked Since Feb 18, 2026