CVE-2008-0422
- EPSS 1.51%
- Veröffentlicht 23.01.2008 22:00:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
SQL injection vulnerability in mail.php in boastMachine (aka bMachine) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
- EPSS 5.3%
- Veröffentlicht 12.10.2007 21:17:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Directory traversal vulnerability in index.php in boastMachine (aka bMachine) 2.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
CVE-2007-2932
- EPSS 7.51%
- Veröffentlicht 31.05.2007 00:30:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in index.php in BoastMachine allows remote attackers to inject arbitrary web script or HTML via the blog parameter in a content search action.
CVE-2007-2860
- EPSS 0.75%
- Veröffentlicht 24.05.2007 19:30:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
user.php in BoastMachine 3.0 platinum allows remote authenticated users to gain privileges via a modified id parameter, as demonstrated by an edit_post action.
CVE-2006-2491
- EPSS 10.96%
- Veröffentlicht 19.05.2006 23:02:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine (bMachine) 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is ...
- EPSS 0.35%
- Veröffentlicht 09.01.2006 11:03:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
boastMachine 3.1 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php and (2) side_menu.php, which reveals the path in an error message.
CVE-2005-1580
- EPSS 1.98%
- Veröffentlicht 11.05.2005 04:00:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
users.ini.php in BoastMachine 3.0 does not properly restrict the types of files that can be uploaded, which allows remote attackers to execute arbitrary code.