6.5

CVE-2006-3828

Exploit

EPSS 0.38%
Veröffentlicht 25.07.2006 13:22:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Incomplete blacklist vulnerability in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to bypass SQL injection protection mechanisms by using commas, quote characters, pound sign (#) characters, "UNION," and "SELECT," which are not filtered by the product, which only checks for "insert," "delete," "update," and "replace."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Kailash Nadh ≫ Boastmachine Version2.5

Kailash Nadh ≫ Boastmachine Version2.7

Kailash Nadh ≫ Boastmachine Version2.8

Kailash Nadh ≫ Boastmachine Version2.9b

Kailash Nadh ≫ Boastmachine Version3.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.38%	0.584

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://secunia.com/advisories/21066

Vendor Advisory

http://securityreason.com/securityalert/1252

http://securitytracker.com/id?1016515

http://www.acid-root.new.fr/advisories/boastmachine.txt

Exploit

http://www.securityfocus.com/archive/1/440306/100/0/threaded

http://www.vupen.com/english/advisories/2006/2849

https://nvd.nist.gov/vuln/detail/CVE-2006-3828

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-3828

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-3828

EUVD