Woltlab

woltlab

39 CVEs • 4 products

Products (4)

Click to collapse

Toggle

Burning Board Lite

burning_board_lite

Woltlab Burning Board

woltlab_burning_board

CVEs (39)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2006-3220 1Woltlab 1Burning Board Apr 16, 2026 Jun 24, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in studienplatztausch.php in Woltlab Burning Board (WBB) 2.2.1 allows remote attackers to execute arbitrary SQL commands via the sid parameter.
CVE-2006-3219 1Woltlab 1Burning Board Apr 16, 2026 Jun 24, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in thread.php in Woltlab Burning Board (WBB) 2.2.2 allows remote attackers to execute arbitrary SQL commands via the threadid parameter.
CVE-2006-3218 1Woltlab 1Burning Board Apr 16, 2026 Jun 24, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in profile.php in Woltlab Burning Board (WBB) 2.1.6 allows remote attackers to execute arbitrary SQL commands via the userid parameter.
CVE-2006-2792 1Woltlab 1Burning Board Apr 16, 2026 Jun 3, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) 2.3.4 allows remote attackers to execute arbitrary SQL commands via the sid parameter.
CVE-2006-2569 24r Linklist Woltlab 24r Linklist Burning Board Apr 16, 2026 May 24, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in links.php in 4R Linklist 1.0 RC2 and earlier, a module for Woltlab Burning Board, allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2006-1324 1Woltlab 1Burning Board Apr 16, 2026 Mar 21, 2006 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter when a SQL error is ge...Show more Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter when a SQL error is generated.Show less
CVE-2006-1215 1Woltlab 1Burning Board Apr 16, 2026 Mar 14, 2006 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in misc.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the percent parameter. NOTE: this issue has been disputed in a...Show more Cross-site scripting (XSS) vulnerability in misc.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the percent parameter. NOTE: this issue has been disputed in a followup post, although the original disclosure might be related to reflected XSS.Show less
CVE-2006-1094 2Datenbank Module Woltlab 2Burning Board Datenbank Module Apr 16, 2026 Mar 9, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allows remote attackers to execute arbitrary SQL commands via the fileid parameter to (1) info_db.php or (2) database.php.
CVE-2006-1034 1Woltlab 1Burning Board Apr 16, 2026 Mar 7, 2006 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in Woltlab Burning Board (wBB) allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to galerie_index.php and possibly (2) galeri...Show more Multiple cross-site scripting (XSS) vulnerabilities in Woltlab Burning Board (wBB) allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to galerie_index.php and possibly (2) galerie_onfly.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. The second vector might not be XSS.Show less
CVE-2006-0927 2Jgs Xa Woltlab 2Burning Board Jgs Gallery Addon Apr 16, 2026 Feb 28, 2006 N/A· v4 N/A· v3 2.6 LOW· v2 Multiple cross-site scripting (XSS) vulnerabilities in the JGS-XA JGS-Gallery Addon 4.0.0 and earlier for Woltlab Burning Board (wBB) 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) userid p...Show more Multiple cross-site scripting (XSS) vulnerabilities in the JGS-XA JGS-Gallery Addon 4.0.0 and earlier for Woltlab Burning Board (wBB) 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) userid parameter in (a) jgs_galerie_slideshow.php and (b) jgs_galerie_scroll.php, and the (2) katid parameter in (c) jgs_galerie_slideshow.php.Show less
CVE-2005-2673 1Woltlab 1Burning Board Apr 16, 2026 Aug 23, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in modcp.php in WoltLab Burning Board 2.2.2 and 2.3.3 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) x or (2) y parameters.
CVE-2005-1642 1Woltlab 1Burning Board Apr 16, 2026 May 17, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in the verify_email function in Woltlab Burning Board 2.x and earlier allows remote attackers to execute arbitrary SQL commands via the $email variable.
CVE-2005-1327 1Woltlab 1Burning Board Apr 16, 2026 May 2, 2005 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in pms.php for Woltlab Burning Board 2.3.1 PL2 and earlier allows remote attackers to inject arbitrary web script or HTML via the folderid parameter.
CVE-2005-0661 1Woltlab 1Burning Board Apr 16, 2026 May 2, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in the getwbbuserdata function in session.php for Woltlab Burning Board 2.0.3 through 2.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) lastvisit cookie...Show more SQL injection vulnerability in the getwbbuserdata function in session.php for Woltlab Burning Board 2.0.3 through 2.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) lastvisit cookie.Show less
CVE-2005-1285 1Woltlab 1Burning Board Apr 16, 2026 Apr 22, 2005 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in thread.php in WoltLab Burning Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the hilight parameter.
CVE-2005-0284 1Woltlab 1Burning Book Apr 16, 2026 Jan 10, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the user-agent parameter.
CVE-2002-1505 1Woltlab 1Burning Board Apr 16, 2026 Apr 2, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in board.php for WoltLab Burning Board (wBB) 2.0 RC 1 and earlier allows remote attackers to modify the database and possibly gain privileges via the boardid parameter.
CVE-2002-2021 1Woltlab 1Burning Board Apr 16, 2026 Dec 31, 2002 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in WoltLab Burning Board (wbboard) 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2002-0903 1Woltlab 1Burning Board Apr 16, 2026 Oct 4, 2002 N/A· v4 N/A· v3 7.5 HIGH· v2 register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small number of random values for the "code" parameter that is provided to action.php to approve a new registration, along with predictable new user ID's, whi...Show more register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small number of random values for the "code" parameter that is provided to action.php to approve a new registration, along with predictable new user ID's, which allows remote attackers to hijack new user accounts via a brute force attack on the new user ID and the code value.Show less