FKIE_CVE-2006-6289

Vulnerability from fkie_nvd - Published: 2006-12-05 11:28 - Updated: 2025-04-09 00:30
Severity ?
Summary
Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbb_userid parameter to the top-level URI. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in wBB Lite.
References
cve@mitre.orghttp://retrogod.altervista.org/wbblite_102_sql.htmlExploit
cve@mitre.orghttp://www.securityfocus.com/archive/1/452561/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/21265
af854a3a-2127-422b-91ae-364da2661108http://retrogod.altervista.org/wbblite_102_sql.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/452561/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/21265
Impacted products
Vendor Product Version
woltlab burning_board_lite 1.0.2
To clipboard Create KEV Entry 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:woltlab:burning_board_lite:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "47A4FDEE-C9F9-4F17-98CB-5F9714041C19",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter\u0027s hash value, which allows remote attackers to execute arbitrary SQL commands via the wbb_userid parameter to the top-level URI.  NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in wBB Lite."
    },
    {
      "lang": "es",
      "value": "Woltlab Burning Board (wBB) Lite 1.0.2 no libera correctamente variables cuando la informaci\u00f3n de entrada incluye un par\u00e1metro num\u00e9rico con un valor que encaja con valor hash de un par\u00e1metro alfanum\u00e9rico, lo cual permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante el par\u00e1metro wbb_userid al URI de mayor nivel. NOTA: se podr\u00eda argumentar que esta vulnerabilidad es debida al fallo en el comando PHP unset (CVE-2006-3017) y la soluci\u00f3n deber\u00eda estar en PHP; si es as\u00ed, esta vulnerabilidad no debe ser tratada como tal en wBB Lite."
    }
  ],
  "evaluatorSolution": "Successful exploitation requires that \"magic_quotes_gpc\" is disabled, and that \"register_globals\" is enabled.",
  "id": "CVE-2006-6289",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-12-05T11:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://retrogod.altervista.org/wbblite_102_sql.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/452561/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/21265"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://retrogod.altervista.org/wbblite_102_sql.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/452561/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/21265"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.