CVE-2007-0388

Woltlab Burning Board < 1.0.2 and <= 2.3.6 - SQL Injection via BoardID Parameters

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2007-0388. PoCs published by 666, trew, silent vapor.

AI-analyzed exploit summary: This exploit targets a SQL injection vulnerability in Woltlab Burning Board 2.3.6 or earlier. It extracts user credentials by injecting a UNION-based SQL query into the search.php endpoint.

Description

SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the boardids[1] and other boardids[] parameters.

Exploits (3)

exploitdb · WORKING POC · VERIFIED
by 666 · perl · webapps · php
https://www.exploit-db.com/exploits/3146

This exploit targets a SQL injection vulnerability in Woltlab Burning Board 2.3.6 or earlier. It extracts user credentials by injecting a UNION-based SQL query into the search.php endpoint.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Woltlab Burning Board <= 2.3.6
No auth needed
Prerequisites: Target URL · User ID · Search string
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by trew · perl · webapps · php
https://www.exploit-db.com/exploits/3144

This exploit targets a SQL injection vulnerability in Woltlab Burning Board 2.X/Lite via the 'search.php' script. It extracts user password hashes by manipulating the SQL query through the 'boardids' parameter.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Woltlab Burning Board 2.X/Lite
No auth needed
Prerequisites: Target must be running vulnerable Woltlab Burning Board version · Search functionality must be accessible
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by silent vapor · php · webapps · php
https://www.exploit-db.com/exploits/3143

This exploit targets a SQL injection vulnerability in Woltlab Burning Board Lite and Burning Board via the search.php file. It extracts user hashes by injecting a UNION SELECT query into the boardids parameter.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Woltlab Burning Board Lite <= 1.0.2, Woltlab Burning Board <= 2.3.6
No auth needed
Prerequisites: Target server running vulnerable Woltlab Burning Board version · Access to the search.php endpoint
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/33872
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3143
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/31550
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3144

Scores

EPSS 0.0104
EPSS Percentile 59.5%

Details

Status published
Products (1)
woltlab/burning_board < 1.0.2
Published Jan 19, 2007
Tracked Since Feb 18, 2026