CVE-2006-5029

SQL injection vulnerability in thread.php in WoltLab Burning Board (wBB) 2.3.x allows remote attackers to obtain the version numbers of PHP, MySQL, and wBB via the page parameter. NOTE: this issue might be a forced SQL error. Also, the original report was disputed by a third party for 2.3.3 and 2.3.4.

Published: Sep 28, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-5029
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
woltlab / burning_board	2.3.2	2.3.2.x
woltlab / burning_board	2.3.4	2.3.4.x
woltlab / burning_board	2.3.0	2.3.0.x
woltlab / burning_board	2.3.3	2.3.3.x
woltlab / burning_board	2.3.1	2.3.1.x
woltlab / burning_board	2.3.5	2.3.5.x

http://www.securityfocus.com/archive/1/446743/100/0/threaded
http://www.securityfocus.com/archive/1/446937/100/0/threaded
http://www.securityfocus.com/archive/1/446938/100/100/threaded
http://www.securityfocus.com/archive/1/447069/100/100/threaded

Vulnerability Database

289,784

CVE-2006-5029