6.5
CVE-2006-3828
- EPSS 1.18%
- Veröffentlicht 25.07.2006 13:22:00
- Zuletzt bearbeitet 16.06.2026 22:27:54
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginIncomplete blacklist vulnerability in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to bypass SQL injection protection mechanisms by using commas, quote characters, pound sign (#) characters, "UNION," and "SELECT," which are not filtered by the product, which only checks for "insert," "delete," "update," and "replace."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Kailash Nadh ≫ Boastmachine Version2.5
Kailash Nadh ≫ Boastmachine Version2.7
Kailash Nadh ≫ Boastmachine Version2.8
Kailash Nadh ≫ Boastmachine Version2.9b
Kailash Nadh ≫ Boastmachine Version3.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.18% | 0.637 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
http://secunia.com/advisories/21066
http://securityreason.com/securityalert/1252
http://securitytracker.com/id?1016515
http://www.acid-root.new.fr/advisories/boastmachine.txt
http://www.securityfocus.com/archive/1/440306/100/0/threaded
http://www.vupen.com/english/advisories/2006/2849