EIP-2026-113466

PRE-CVE

Woltlab Burning Board Regenbogenwiese 2007 Addon - SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113466. PoCs published by Easy Laster.

AI-analyzed exploit summary This Ruby script exploits a SQL injection vulnerability in the 'kategorie' parameter of the Regenbogenwiese addon for Woltlab Burning Board. It extracts sensitive user data (database version, user credentials, emails) via UNION-based SQL injection.

Description

Woltlab Burning Board Regenbogenwiese 2007 Addon - SQL Injection

Exploits (1)

exploitdb WORKING POC

by Easy Laster · textwebappsphp

https://www.exploit-db.com/exploits/29023

View Code ZIP pw:eip

This Ruby script exploits a SQL injection vulnerability in the 'kategorie' parameter of the Regenbogenwiese addon for Woltlab Burning Board. It extracts sensitive user data (database version, user credentials, emails) via UNION-based SQL injection.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Woltlab Burning Board Regenbogenwiese Addon v1.5

No auth needed

Prerequisites: Target must have the Regenbogenwiese addon installed · Target must be vulnerable to SQL injection in the 'kategorie' parameter

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026