SQL injection vulnerability in the getwbbuserdata function in session.php for Woltlab Burning Board 2.0.3 up to and including 2.3.0 allows remote malicious users to execute arbitrary SQL commands via the (1) userid or (2) lastvisit cookie.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
woltlab burning board 2.2.1 |
||
woltlab burning board 2.3.0 |
||
woltlab burning board 2.1.5 |
||
woltlab burning board 2.0.3 |