| ID |
CVE-2006-3799
|
| Summary |
DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase "union select" or possibly other statements that do not match the uppercase "UNION SELECT." |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:deluxebb:deluxebb:1.05:*:*:*:*:*:*:*
cpe:2.3:a:deluxebb:deluxebb:1.05:*:*:*:*:*:*:*
-
cpe:2.3:a:deluxebb:deluxebb:1.06:*:*:*:*:*:*:*
cpe:2.3:a:deluxebb:deluxebb:1.06:*:*:*:*:*:*:*
-
cpe:2.3:a:deluxebb:deluxebb:1.07:*:*:*:*:*:*:*
cpe:2.3:a:deluxebb:deluxebb:1.07:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 7.5 (as of 17-10-2018 - 21:30) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| refmap
via4
|
| bid | 19052 | | bugtraq | 20060718 DeluxeBB mutiple vulnerabilities | | fulldisc | 20060718 Advisory : DeluxeBB mutiple vulnerabilities | | secunia | 21116 | | sreason | 1254 | | vupen | ADV-2006-2879 |
|
| Last major update |
17-10-2018 - 21:30 |
| Published |
24-07-2006 - 12:19 |
| Last modified |
17-10-2018 - 21:30 |
