Lucene search

MitreCVE-2002-1505

HistorySep 01, 2004 - 4:00 a.m.

CVE-2002-1505

2004-09-0104:00:00

mitre

web.nvd.nist.gov

sql injection

woltlab burning board

database modification

vulnerability

remote attack

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.2

Confidence

Low

EPSS

0.002

Percentile

60.4%

JSON

SQL injection vulnerability in board.php for WoltLab Burning Board (wBB) 2.0 RC 1 and earlier allows remote attackers to modify the database and possibly gain privileges via the boardid parameter.

Affected configurations

Nvd

Node

woltlabburning_boardRange≤2.0_rc1

woltlabburning_boardMatch2.0_beta_3

woltlabburning_boardMatch2.0_beta_4

woltlabburning_boardMatch2.0_beta_5

VendorProductVersionCPE
woltlabburning_board*cpe:2.3:a:woltlab:burning_board:*:*:*:*:*:*:*:*
woltlabburning_board2.0_beta_3cpe:2.3:a:woltlab:burning_board:2.0_beta_3:*:*:*:*:*:*:*
woltlabburning_board2.0_beta_4cpe:2.3:a:woltlab:burning_board:2.0_beta_4:*:*:*:*:*:*:*
woltlabburning_board2.0_beta_5cpe:2.3:a:woltlab:burning_board:2.0_beta_5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
woltlab	burning_board	*	cpe:2.3:a:woltlab:burning_board::::::::
woltlab	burning_board	2.0_beta_3	cpe:2.3:a:woltlab:burning_board:2.0_beta_3:::::::*
woltlab	burning_board	2.0_beta_4	cpe:2.3:a:woltlab:burning_board:2.0_beta_4:::::::*
woltlab	burning_board	2.0_beta_5	cpe:2.3:a:woltlab:burning_board:2.0_beta_5:::::::*

References

archives.neohapsis.com/archives/bugtraq/2002-09/0083.html

www.iss.net/security_center/static/10069.php

www.securityfocus.com/bid/5675

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.2

Confidence

Low

EPSS

0.002

Percentile

60.4%

JSON

Related for CVE-2002-1505