- Description
- SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab Burning Board (WBB) allows remote attackers to execute arbitrary SQL commands via the itemID parameter in the RGalleryImageWrapper page in index.php.
- Source
- cve@mitre.org
- NVD status
- Deferred
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-89
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rgallery:rgallery_plugin:1.09:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B719B8E2-7B71-4C5E-8D39-670C9F78953F"
},
{
"criteria": "cpe:2.3:a:woltlab:woltlab_burning_board:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "FD30EC58-8914-4395-A40F-04FD95D26C9F"
}
],
"operator": "OR"
}
]
}
]