CVE-2006-6289

{"id": "CVE-2006-6289", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-12-05T11:28:00.000", "references": [{"url": "http://retrogod.altervista.org/wbblite_102_sql.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/452561/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/21265", "source": "cve@mitre.org"}, {"url": "http://retrogod.altervista.org/wbblite_102_sql.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/452561/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/21265", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbb_userid parameter to the top-level URI. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in wBB Lite."}, {"lang": "es", "value": "Woltlab Burning Board (wBB) Lite 1.0.2 no libera correctamente variables cuando la informaci\u00f3n de entrada incluye un par\u00e1metro num\u00e9rico con un valor que encaja con valor hash de un par\u00e1metro alfanum\u00e9rico, lo cual permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante el par\u00e1metro wbb_userid al URI de mayor nivel. NOTA: se podr\u00eda argumentar que esta vulnerabilidad es debida al fallo en el comando PHP unset (CVE-2006-3017) y la soluci\u00f3n deber\u00eda estar en PHP; si es as\u00ed, esta vulnerabilidad no debe ser tratada como tal en wBB Lite."}], "lastModified": "2024-11-21T00:22:21.473", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:woltlab:burning_board_lite:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47A4FDEE-C9F9-4F17-98CB-5F9714041C19"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "Successful exploitation requires that \"magic_quotes_gpc\" is disabled, and that \"register_globals\" is enabled."}