Vulnerability Description
The Languages selection in the admin interface in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this issue is a vulnerability only if there is a likely usage pattern in which the files would be opened or executed by local users, e.g., malware files with names that entice local users to open the files.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kailash Nadh | Boastmachine | 2.5 |
References
- http://secunia.com/advisories/21066 (Vendor Advisory)
- http://www.acid-root.new.fr/advisories/boastmachine.txt (Exploit)
FAQ
What is CVE-2006-3830?
CVE-2006-3830 is a vulnerability with a CVSS score of 4.0 (MEDIUM). The Languages selection in the admin interface in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to ...
How severe is CVE-2006-3830?
CVE-2006-3830 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-3830?
Check the references section above for vendor advisories and patch information. Affected products include: Kailash Nadh Boastmachine.