SQL injection vulnerability in links.php in 4R Linklist 1.0 RC2 and earlier, a module for Woltlab Burning Board, allows remote attackers to execute arbitrary SQL commands via the cat parameter.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| 4r_linklist | 4r_linklist | * | 1.0_rc2 (including) |
| Burning_board | Woltlab | 2.0_beta_3 (including) | 2.0_beta_3 (including) |
| Burning_board | Woltlab | 2.0_beta_4 (including) | 2.0_beta_4 (including) |
| Burning_board | Woltlab | 2.0_beta_5 (including) | 2.0_beta_5 (including) |
| Burning_board | Woltlab | 2.0_rc1 (including) | 2.0_rc1 (including) |
| Burning_board | Woltlab | 2.0_rc2 (including) | 2.0_rc2 (including) |
| Burning_board | Woltlab | 2.2.2 (including) | 2.2.2 (including) |
| Burning_board | Woltlab | 2.3.1 (including) | 2.3.1 (including) |
| Burning_board | Woltlab | 2.3.3 (including) | 2.3.3 (including) |
| Burning_board | Woltlab | 2.3.4 (including) | 2.3.4 (including) |
References
- http://secunia.com/advisories/20167
- http://www.securityfocus.com/bid/18077
- http://www.vupen.com/english/advisories/2006/1925
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26592
- https://www.exploit-db.com/exploits/1810
- http://secunia.com/advisories/20167
- http://www.securityfocus.com/bid/18077
- http://www.vupen.com/english/advisories/2006/1925
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26592
- https://www.exploit-db.com/exploits/1810