- Description
- SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab Burning Board (WBB3) allows remote attackers to execute arbitrary SQL commands via the userID parameter in the RGalleryUserGallery page to index.php, a different vector than CVE-2008-4627.
- Source
- cve@mitre.org
- NVD status
- Deferred
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-89
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:selbstzweck:rgallery_plugin:1.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A9BEB1C5-5C45-49CA-B20E-C8B128CAB458"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:woltlab:burning_board:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "EC273A0A-B0E7-4C9D-9AE5-85542E9A205B"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]