Vendor: Woltlab Burning Board Lite
By: rgod
CVSS: 7.5 (HIGH)
Vulnerability Type: SQL Injection
Product Name: Woltlab Burning Board Lite
Affected Version From: <= 1.0.2pl3e
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Unknown
Woltlab Burning Board Lite <= 1.0.2pl3e pms.php / SQL injection exploit
This exploit performs SQL injection through the pms.php script of Woltlab Burning Board Lite version 1.0.2pl3e. The vulnerability lies in the $_POST['pmid'] parameter, which is used in database queries without proper sanitization. An attacker can use this to manipulate the database and potentially execute arbitrary SQL commands.
Mitigation:
To mitigate this vulnerability, update to a patched version of Woltlab Burning Board Lite. In addition, input validation (for example, enforcing an integer type for pmid) and parameterized queries should be used to prevent SQL injection.