Vulnerability Description
Incomplete blacklist vulnerability in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to bypass the product's SQL injection protection mechanism. The filter only checks for "insert," "delete," "update," and "replace," so commas, quote characters, pound sign (#) characters, "UNION," and "SELECT" are not filtered and pass through to the query.
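The following added example (illustrative code, not boastMachine's own) reconstructs the filter pattern the description implies: a keyword blacklist containing only the four listed words, with the "cleaned" value still spliced into SQL text. It shows the blacklist passing a UNION/SELECT input unchanged, and contrasts the concatenating query with a parameterized one, which binds the value as data. The table and rows are constructed sample data; SQLite is used only because it is available offline.

```python
import sqlite3

# Hypothetical reconstruction of the advisory's filter: only these four
# statement keywords are rejected (assumption, not the product's real code).
BLACKLIST = ("insert", "delete", "update", "replace")


def weak_filter_rejects(value: str) -> bool:
    """True if the incomplete keyword blacklist would block `value`."""
    lowered = value.lower()
    return any(word in lowered for word in BLACKLIST)


def make_db() -> sqlite3.Connection:
    """Constructed sample schema and rows for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER, title TEXT)")
    conn.executemany("INSERT INTO posts VALUES (?, ?)",
                     [(1, "hello"), (2, "world")])
    return conn


def titles_blacklist_concat(conn: sqlite3.Connection, post_id: str) -> list:
    """Vulnerable pattern: blacklist check, then string concatenation."""
    if weak_filter_rejects(post_id):
        raise ValueError("rejected by blacklist")
    sql = "SELECT title FROM posts WHERE id = " + post_id
    return [row[0] for row in conn.execute(sql)]


def titles_parameterized(conn: sqlite3.Connection, post_id: str) -> list:
    """Hardened pattern: the value is bound as data and never parsed as SQL."""
    rows = conn.execute("SELECT title FROM posts WHERE id = ?", (post_id,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    conn = make_db()
    # Contains none of the four blacklisted words, so the filter lets it through.
    union_input = "1 UNION SELECT 'unfiltered'"
    print(weak_filter_rejects("1; DELETE FROM posts"))   # True: listed keyword caught
    print(weak_filter_rejects(union_input))              # False: UNION/SELECT not listed
    print(titles_blacklist_concat(conn, union_input))    # extra row 'unfiltered' appears
    print(titles_parameterized(conn, union_input))       # []: treated as a literal id
    print(titles_parameterized(conn, "1"))               # ['hello']
```

The UNION result order is not guaranteed, so compare it as a set when checking; the defensive takeaway is that keyword blacklists cannot enumerate SQL grammar, whereas parameter binding removes the parsing step entirely.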
CVSS Score
6.5 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kailash Nadh | Boastmachine | 2.5 |
References
- http://secunia.com/advisories/21066 (Vendor Advisory)
- http://securityreason.com/securityalert/1252
- http://securitytracker.com/id?1016515
- http://www.acid-root.new.fr/advisories/boastmachine.txt (Exploit)
- http://www.securityfocus.com/archive/1/440306/100/0/threaded
- http://www.vupen.com/english/advisories/2006/2849
FAQ
What is CVE-2006-3828?
CVE-2006-3828 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Incomplete blacklist vulnerability in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to bypass SQL injection protection mechanisms by using co...
How severe is CVE-2006-3828?
CVE-2006-3828 has been rated MEDIUM with a CVSS base score of 6.5/10. See the CVSS Score section above.
Is there a patch for CVE-2006-3828?
Check the references section above for vendor advisories and patch information. Affected products include: Kailash Nadh Boastmachine.