CVE-2006-6289 - OpenCVE

Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbb_userid parameter to the top-level URI. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in wBB Lite.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Woltlab	Burning Board Lite

Configuration 1 [-]

cpe:2.3:a:woltlab:burning_board_lite:1.0.2:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://retrogod.altervista.org/wbblite_102_sql.html
http://www.securityfocus.com/archive/1/452561/100/0/threaded
http://www.securityfocus.com/bid/21265

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-12-05T11:00:00

Updated: 2024-08-07T20:19:35.134Z

Reserved: 2006-12-05T00:00:00

Link: CVE-2006-6289

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-12-05T11:28:00.000

Modified: 2018-10-17T21:47:38.237

Link: CVE-2006-6289

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-11-24T00:00:00", "descriptions": [{"lang": "en", "value": "Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbb_userid parameter to the top-level URI. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in wBB Lite."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "21265", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21265"}, {"tags": ["x_refsource_MISC"], "url": "http://retrogod.altervista.org/wbblite_102_sql.html"}, {"name": "20061124 Wolflab Burning Board Lite 1.0.2 two sql injections", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/452561/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-6289", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbb_userid parameter to the top-level URI. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in wBB Lite."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "21265", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21265"}, {"name": "http://retrogod.altervista.org/wbblite_102_sql.html", "refsource": "MISC", "url": "http://retrogod.altervista.org/wbblite_102_sql.html"}, {"name": "20061124 Wolflab Burning Board Lite 1.0.2 two sql injections", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/452561/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:19:35.134Z"}, "title": "CVE Program Container", "references": [{"name": "21265", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21265"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://retrogod.altervista.org/wbblite_102_sql.html"}, {"name": "20061124 Wolflab Burning Board Lite 1.0.2 two sql injections", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/452561/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-6289", "datePublished": "2006-12-05T11:00:00", "dateReserved": "2006-12-05T00:00:00", "dateUpdated": "2024-08-07T20:19:35.134Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:woltlab:burning_board_lite:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "47A4FDEE-C9F9-4F17-98CB-5F9714041C19", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbb_userid parameter to the top-level URI. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in wBB Lite."}, {"lang": "es", "value": "Woltlab Burning Board (wBB) Lite 1.0.2 no libera correctamente variables cuando la informaci\u00f3n de entrada incluye un par\u00e1metro num\u00e9rico con un valor que encaja con valor hash de un par\u00e1metro alfanum\u00e9rico, lo cual permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante el par\u00e1metro wbb_userid al URI de mayor nivel. NOTA: se podr\u00eda argumentar que esta vulnerabilidad es debida al fallo en el comando PHP unset (CVE-2006-3017) y la soluci\u00f3n deber\u00eda estar en PHP; si es as\u00ed, esta vulnerabilidad no debe ser tratada como tal en wBB Lite."}], "evaluatorSolution": "Successful exploitation requires that \"magic_quotes_gpc\" is disabled, and that \"register_globals\" is enabled.", "id": "CVE-2006-6289", "lastModified": "2018-10-17T21:47:38.237", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-12-05T11:28:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://retrogod.altervista.org/wbblite_102_sql.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/452561/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/21265"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}