CVE-2006-6289

Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbb_userid parameter to the top-level URI. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in wBB Lite.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://retrogod.altervista.org/wbblite_102_sql.html	Exploit
http://www.securityfocus.com/archive/1/452561/100/0/threaded
http://www.securityfocus.com/bid/21265

Configurations

Configuration 1 (hide)

cpe:2.3:a:woltlab:burning_board_lite:1.0.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-12-05 11:28

Updated : 2024-02-28 11:01

NVD link : CVE-2006-6289

Mitre link : CVE-2006-6289

CVE.ORG link : CVE-2006-6289

JSON object : View

Products Affected

woltlab

burning_board_lite

CWE

NVD-CWE-Other

{"id": "CVE-2006-6289", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-12-05T11:28:00.000", "references": [{"url": "http://retrogod.altervista.org/wbblite_102_sql.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/452561/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/21265", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbb_userid parameter to the top-level URI. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in wBB Lite."}, {"lang": "es", "value": "Woltlab Burning Board (wBB) Lite 1.0.2 no libera correctamente variables cuando la informaci\u00f3n de entrada incluye un par\u00e1metro num\u00e9rico con un valor que encaja con valor hash de un par\u00e1metro alfanum\u00e9rico, lo cual permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante el par\u00e1metro wbb_userid al URI de mayor nivel. NOTA: se podr\u00eda argumentar que esta vulnerabilidad es debida al fallo en el comando PHP unset (CVE-2006-3017) y la soluci\u00f3n deber\u00eda estar en PHP; si es as\u00ed, esta vulnerabilidad no debe ser tratada como tal en wBB Lite."}], "lastModified": "2018-10-17T21:47:38.237", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:woltlab:burning_board_lite:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47A4FDEE-C9F9-4F17-98CB-5F9714041C19"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "Successful exploitation requires that \"magic_quotes_gpc\" is disabled, and that \"register_globals\" is enabled."}