SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab Burning Board (WBB3) allows remote attackers to execute arbitrary SQL commands via the userID parameter in the RGalleryUserGallery page to index.php, a different vector than CVE-2008-4627.
References
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 01:04
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.exploit-db.com/exploits/8254 - | |
References | () http://www.securityfocus.com/bid/34194 - Exploit | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/49351 - |
Information
Published : 2009-07-02 10:30
Updated : 2024-11-21 01:04
NVD link : CVE-2009-2311
Mitre link : CVE-2009-2311
CVE.ORG link : CVE-2009-2311
JSON object : View
Products Affected
selbstzweck
- rgallery_plugin
woltlab
- burning_board
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')