Vulnerability Description
DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase "union select" or possibly other statements that do not match the uppercase "UNION SELECT."
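The bypass described above, reduced to a runnable model. This is an added example, not DeluxeBB's own code (which is PHP). It assumes the protection is a case-sensitive substring check followed by string concatenation into the query, and it uses a hypothetical `users` table in an in-memory SQLite database with constructed input values.

```python
import sqlite3


def legacy_filter_rejects(value):
    # Assumed model of the flawed check: exact, case-sensitive match only.
    return "UNION SELECT" in value


def legacy_lookup(conn, login):
    """'Before': blacklist check, then the value is concatenated into SQL."""
    if legacy_filter_rejects(login):
        return None  # request blocked by the filter
    sql = "SELECT id, name FROM users WHERE name = '" + login + "'"
    return conn.execute(sql).fetchall()


def hardened_lookup(conn, login):
    """'After': bound parameter, so the value is only ever compared as data."""
    return conn.execute(
        "SELECT id, name FROM users WHERE name = ?", (login,)
    ).fetchall()


def make_db():
    # Hypothetical schema, for illustration only.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO users (name) VALUES ('alice')")
    return conn


# Constructed sample values for the login variable.
SAMPLES = {
    "benign": "alice",
    "upper": "x' UNION SELECT 1, 2 --",
    "lower": "x' union select 1, 2 --",
}


def compare():
    """Return {label: (legacy_result, hardened_result)} for each sample."""
    conn = make_db()
    return {k: (legacy_lookup(conn, v), hardened_lookup(conn, v))
            for k, v in SAMPLES.items()}


if __name__ == "__main__":
    for label, (before, after) in compare().items():
        print(f"{label:7} legacy={before!r} hardened={after!r}")
```

The lowercase value passes the legacy filter and changes the result set, while the parameterized lookup returns no rows for it regardless of letter case.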
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Deluxebb | Deluxebb | 1.05 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.html
- http://secunia.com/advisories/21116 (Patch, Vendor Advisory)
- http://securityreason.com/securityalert/1254
- http://www.securityfocus.com/archive/1/440435/100/0/threaded
- http://www.securityfocus.com/bid/19052 (Exploit, Patch)
- http://www.vupen.com/english/advisories/2006/2879
FAQ
What is CVE-2006-3799?
CVE-2006-3799 is a vulnerability with a CVSS score of 7.5 (HIGH). DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase "union select" or possibly other ...
How severe is CVE-2006-3799?
CVE-2006-3799 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-3799?
Check the references section above for vendor advisories and patch information. Affected products include: Deluxebb Deluxebb.