FKIE_CVE-2006-5509

Vulnerability from fkie_nvd - Published: 2006-10-25 22:07 - Updated: 2025-04-09 00:30
Severity ?
Summary
Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injection via the n parameter.
References
cve@mitre.orghttp://secunia.com/advisories/22442
cve@mitre.orghttp://securityreason.com/securityalert/1774
cve@mitre.orghttp://www.security.nnov.ru/Odocument711.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/448796/100/100/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/20563
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/4062
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/29599
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22442
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/1774
af854a3a-2127-422b-91ae-364da2661108http://www.security.nnov.ru/Odocument711.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/448796/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/20563
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/4062
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/29599
Impacted products
Vendor Product Version
woltlab burning_book 1.1.2
To clipboard Create KEV Entry 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:woltlab:burning_book:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B919D8D-D6E9-4171-9D59-8CA72EA78210",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injection via the n parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n de Eval en el archivo addentry.php de WoltLab Burning Book 1.1.2 permite a atacantes remotos la ejecuci\u00f3n de c\u00f3digo PHP de su elecci\u00f3n mediante peticiones POST manipuladas que almacenan c\u00f3digo PHP en la Base de Datos que son luego procesados por el \"eval\", como el demostrado usando inyecciones de SQL a trav\u00e9s del par\u00e1metros n."
    }
  ],
  "id": "CVE-2006-5509",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-10-25T22:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22442"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/1774"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.security.nnov.ru/Odocument711.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/448796/100/100/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/20563"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/4062"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29599"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22442"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/1774"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.security.nnov.ru/Odocument711.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/448796/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/20563"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29599"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.