CVE-2008-7192

WoltLab Burning Board <3.0.1 - CSRF

Title source: llm
Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-7192. PoCs published by StAkeR.

AI-analyzed exploit summary: This writeup describes multiple vulnerabilities in Woltlab Burning Board 3.0.x, including XSS, URL redirection, full path disclosure, and unauthorized deletion of private messages via BBCode IMG tag injection. No executable exploit code is provided.

Description

Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board (wBB) 3.0.1, and possibly other 3.x versions, allows remote attackers to hijack the authentication of users for requests that delete private messages via the pmID parameter in a delete action in a PM page, a different vulnerability than CVE-2008-0472.

Exploits (1)

exploitdb WRITEUP VERIFIED
by StAkeR · text · webapps · php
https://www.exploit-db.com/exploits/8183

Classification: Writeup 90%
Attack Type: XSS | Info Leak | Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Woltlab Burning Board 3.0.x
No auth needed
Prerequisites: access to a vulnerable Woltlab Burning Board instance
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39990
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/487139/100/200/threaded

Scores

EPSS 0.0082
EPSS Percentile 52.4%

Details

CWE: CWE-352
Status: published
Products (1): woltlab/burning_board 3.0.1
Published: Sep 09, 2009
Tracked Since: Feb 18, 2026