VYPR
Unrated severityNVD Advisory· Published May 2, 2005· Updated Jun 16, 2026

CVE-2005-0661

CVE-2005-0661

Description

SQL injection vulnerability in the getwbbuserdata function in session.php for Woltlab Burning Board 2.0.3 through 2.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) lastvisit cookie.

Affected products

5
  • cpe:2.3:a:woltlab:burning_board:2.0.3:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:woltlab:burning_board:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:woltlab:burning_board:2.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:woltlab:burning_board:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:woltlab:burning_board:2.3.0:*:*:*:*:*:*:*
    • (no CPE)range: >=2.0.3, <=2.3.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.