WoltLab Burning Board verify_email() Function SQL Injection
Remote / Network Access
Loss of Confidentiality, Loss of Integrity
WoltLab Burning Board contains a flaw that may allow an attacker to inject or manipulate SQL queries. The issue is due to the $email variable in the verify_email() function not being properly sanitized.
Currently, there are no known workarounds or upgrades to correct this issue. However, WoltLab has reportedly released a patch to address this vulnerability.
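An added example, not WoltLab Burning Board code, of why checking the format of $email is not enough and the value must be bound as a query parameter: an address that passes PHP's FILTER_VALIDATE_EMAIL can still contain a single quote. The function bodies, the users table and the in-memory SQLite database (pdo_sqlite extension) are assumptions; the entry gives only the function and variable names.

```php
<?php
// Added illustration; not WoltLab Burning Board source code.
// Hypothetical schema: a "users" table with an "email" column.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE)');
$pdo->exec("INSERT INTO users (email) VALUES ('admin@example.com')");

// Unsafe pattern: $email becomes part of the SQL text itself.
function verify_email_unsafe(PDO $pdo, string $email): bool
{
    $sql = "SELECT COUNT(*) FROM users WHERE email = '" . $email . "'";
    return (int) $pdo->query($sql)->fetchColumn() === 0;
}

// Hardened pattern: validate the format, then bind $email as a parameter
// so the database driver never parses it as SQL.
function verify_email_safe(PDO $pdo, string $email): bool
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false; // malformed address
    }
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    return (int) $stmt->fetchColumn() === 0; // true = address not yet in use
}

// Constructed sample input: a format-valid address that contains a quote.
$email = "o'brien@example.com";
var_dump(filter_var($email, FILTER_VALIDATE_EMAIL) !== false);

try {
    verify_email_unsafe($pdo, $email);
} catch (PDOException $e) {
    // The quote terminates the string literal early and the query fails.
    echo 'unsafe query failed: ', $e->getMessage(), "\n";
}

// The same input is handled as plain data by the prepared statement.
var_dump(verify_email_safe($pdo, $email));
var_dump(verify_email_safe($pdo, 'admin@example.com'));
```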