CVE-2009-2311

SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab Burning Board (WBB3) allows remote attackers to execute arbitrary SQL commands via the userID parameter in the RGalleryUserGallery page to index.php, a different vector than CVE-2008-4627.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:selbstzweck:rgallery_plugin:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:woltlab:burning_board:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:04

Type Values Removed Values Added
References () http://www.exploit-db.com/exploits/8254 - () http://www.exploit-db.com/exploits/8254 -
References () http://www.securityfocus.com/bid/34194 - Exploit () http://www.securityfocus.com/bid/34194 - Exploit
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/49351 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/49351 -

Information

Published : 2009-07-02 10:30

Updated : 2024-11-21 01:04


NVD link : CVE-2009-2311

Mitre link : CVE-2009-2311

CVE.ORG link : CVE-2009-2311


JSON object : View

Products Affected

selbstzweck

  • rgallery_plugin

woltlab

  • burning_board
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')