CVE-2007-0388

critical

Description

SQL injection vulnerability in search.php in Woltlab Burning Board (wBB) 1.0.2 and earlier, and 2.3.6 and earlier in the 2.x series, allows remote attackers to execute arbitrary SQL commands via the boardids[1] and other boardids[] parameters.

References

https://www.exploit-db.com/exploits/3144

https://www.exploit-db.com/exploits/3143

https://exchange.xforce.ibmcloud.com/vulnerabilities/31550

http://osvdb.org/33872

Details

Source: Mitre, NVD

Published: 2007-01-19

Updated: 2017-10-19

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical