Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbb_userid parameter to the top-level URI. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in wBB Lite.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Woltlab Burning Board (wBB) Lite数字参数任意命令执行漏洞
Vulnerability Description
Woltlab Burning Board (wBB) Lite当输入数据含有数字参数并带有一个匹配字母数字参数的哈希值时,远程攻击者可通过传给顶级URI的web_userid参数来执行任意SQL命令。注意:可能存在争议称此漏洞是取消设置PHP命令中的bug引起的,并且应在PHP中提供适当的修补程序;如果是这样,那么这个问题将不被视为wBB Lite的漏洞。
CVSS Information
N/A
Vulnerability Type
N/A