CVE-2009-2311

SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab Burning Board (WBB3) allows remote attackers to execute arbitrary SQL commands via the userID parameter in the RGalleryUserGallery page to index.php, a different vector than CVE-2008-4627.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:selbstzweck:rgallery_plugin:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:woltlab:burning_board:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-07-02 10:30

Updated : 2024-02-28 11:21


NVD link : CVE-2009-2311

Mitre link : CVE-2009-2311

CVE.ORG link : CVE-2009-2311


JSON object : View

Products Affected

woltlab

  • burning_board

selbstzweck

  • rgallery_plugin
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')