VYPR

Burning Book

by Woltlab

CVEs (3)

  • CVE-2006-5508Oct 25, 2006
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in addentry.php in WoltLab Burning Book 1.1.2 allow remote attackers to execute arbitrary SQL commands via (1) the n parameter and (2) the User-Agent HTTP header.

  • CVE-2006-5509Oct 25, 2006
    risk 0.03cvss epss 0.01

    Eval injection vulnerability in addentry.php in WoltLab Burning Book 1.1.2 allows remote attackers to execute arbitrary PHP code via crafted POST requests that store PHP code in a database that is later processed by eval, as demonstrated using SQL injection via the n parameter.

  • CVE-2005-0284Jan 10, 2005
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the user-agent parameter.