CVE-2008-0857

WoltLab Burning Board 3.0.3 PL 1 - SQL Injection via PMList sortOrder Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0857. PoCs published by NBBN.

AI-analyzed exploit summary: This exploit leverages a time-based blind SQL injection vulnerability in WoltLab Burning Board 3.0.X to extract the admin password hash. It uses the BENCHMARK function to infer characters of the hash based on response time delays.

Description

SQL injection vulnerability in index.php in WoltLab Burning Board 3.0.3 PL 1 allows remote attackers to execute arbitrary SQL commands via the sortOrder parameter to the PMList page.

Exploits (1)

exploitdb WORKING POC VERIFIED
by NBBN · php · webapps · php
https://www.exploit-db.com/exploits/5164

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: WoltLab Burning Board 3.0.X
Auth required
Prerequisites: Valid session cookies (wcf_cookieHash, wcf_userID, wcf_password) · Access to the target's PMList page
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/488345/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3680
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27885
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5164
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29020

Scores

EPSS 0.0100
EPSS Percentile 58.2%

Details

CWE: CWE-89
Status: published
Products (1): woltlab/burning_board 3.0.3_pl1
Published: Feb 21, 2008
Tracked Since: Feb 18, 2026