CVE-2008-0422
- EPSS 3.27%
- Veröffentlicht 23.01.2008 22:00:00
- Zuletzt bearbeitet 16.06.2026 22:49:36
SQL injection vulnerability in mail.php in boastMachine (aka bMachine) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
- EPSS 3.42%
- Veröffentlicht 12.10.2007 21:17:00
- Zuletzt bearbeitet 16.06.2026 22:46:05
Directory traversal vulnerability in index.php in boastMachine (aka bMachine) 2.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
CVE-2007-2932
- EPSS 4.49%
- Veröffentlicht 31.05.2007 00:30:00
- Zuletzt bearbeitet 16.06.2026 22:40:43
Cross-site scripting (XSS) vulnerability in index.php in BoastMachine allows remote attackers to inject arbitrary web script or HTML via the blog parameter in a content search action.
CVE-2007-2860
- EPSS 1.14%
- Veröffentlicht 24.05.2007 19:30:00
- Zuletzt bearbeitet 16.06.2026 22:40:34
user.php in BoastMachine 3.0 platinum allows remote authenticated users to gain privileges via a modified id parameter, as demonstrated by an edit_post action.
CVE-2006-2491
- EPSS 2.75%
- Veröffentlicht 19.05.2006 23:02:00
- Zuletzt bearbeitet 16.06.2026 22:25:09
Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine (bMachine) 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is ...
- EPSS 1.18%
- Veröffentlicht 09.01.2006 11:03:00
- Zuletzt bearbeitet 16.06.2026 22:19:57
boastMachine 3.1 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php and (2) side_menu.php, which reveals the path in an error message.
CVE-2005-1580
- EPSS 2.69%
- Veröffentlicht 11.05.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:13:18
users.ini.php in BoastMachine 3.0 does not properly restrict the types of files that can be uploaded, which allows remote attackers to execute arbitrary code.