Family: CGI abuses --> Category: attack
Burning Board wbb_userid parameter SQL Injection Vulnerability Scan
Vulnerability Scan Summary
Checks for SQL injection vulnerability in Burning Board Lite
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that is affected by a SQL
The remote version of Burning Board Lite fails to sanitize input to
the 'wbb_userid' parameter before using it in a database query.
Provided PHP's 'register_globals' setting is enabled and its
'magic_quotes_gpc' setting is disabled, an unauthenticated attacker
may be able to leverage this issue to uncover sensitive information
(such as password hashes), modify existing data, or launch attacks
against the underlying database.
See also :
Unknown at this time.
Medium / CVSS Base Score : 5.6