Vendor: Burning Board
By: [R]
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Burning Board
Affected Version From: Woltlab Burning Board <= 2.3.3
Affected Version To: Woltlab Burning Board <= 2.3.3
Patch Exists: Unknown
Related CWE: Unknown
CPE: Unknown
Platforms Tested: Unknown
Info-DB SQL Injection Vulnerability
The Info-DB application is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Mitigation:
To mitigate this vulnerability, it is recommended to sanitize user-supplied input before using it in SQL queries.