CVE-2007-0812

Woltlab Burning Board (wBB) Lite <1.0.2pl3 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0812. PoCs published by rgod.

AI-analyzed exploit summary This exploit targets a SQL injection vulnerability in Woltlab Burning Board Lite <= 1.0.2pl3e via the `pms.php` script. It allows authenticated users to disclose admin credentials by manipulating the `pmid` parameter in a crafted POST request.

Description

SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) Lite 1.0.2pl3e and earlier allows remote authenticated users to execute arbitrary SQL commands via the pmid[0] parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/3262

View Code ZIP pw:eip

This exploit targets a SQL injection vulnerability in Woltlab Burning Board Lite <= 1.0.2pl3e via the `pms.php` script. It allows authenticated users to disclose admin credentials by manipulating the `pmid` parameter in a crafted POST request.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Woltlab Burning Board Lite <= 1.0.2pl3e

Auth required

Prerequisites: Valid user credentials · Access to the target's `pms.php` endpoint

MITRE ATT&CK