CVE-2006-3827 - SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in Kailash Nadh boastMachine (forme

CVE-2006-3827

Summary

SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the blog parameter.

References

Vulnerable Configurations

cpe:2.3:a:kailash_nadh:boastmachine:2.5:*:*:*:*:*:*:*
cpe:2.3:a:kailash_nadh:boastmachine:2.5:*:*:*:*:*:*:*
cpe:2.3:a:kailash_nadh:boastmachine:2.7:*:*:*:*:*:*:*
cpe:2.3:a:kailash_nadh:boastmachine:2.7:*:*:*:*:*:*:*
cpe:2.3:a:kailash_nadh:boastmachine:2.8:*:*:*:*:*:*:*
cpe:2.3:a:kailash_nadh:boastmachine:2.8:*:*:*:*:*:*:*
cpe:2.3:a:kailash_nadh:boastmachine:2.9b:*:*:*:*:*:*:*
cpe:2.3:a:kailash_nadh:boastmachine:2.9b:*:*:*:*:*:*:*
cpe:2.3:a:kailash_nadh:boastmachine:3.1:*:*:*:*:*:*:*
cpe:2.3:a:kailash_nadh:boastmachine:3.1:*:*:*:*:*:*:*

CVSS

Base:	6.5 (as of 17-10-2018 - 21:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:P/I:P/A:P

refmap via4

bugtraq	20060717 boastMachine <= 3.1 SQL Injection Exploit
misc	http://www.acid-root.new.fr/advisories/boastmachine.txt
sectrack	1016515
secunia	21066
sreason	1252
vupen	ADV-2006-2849
xf	boastmachine-search-sql-injection(27769)

Last major update

17-10-2018 - 21:31

Published

25-07-2006 - 13:22

Last modified

17-10-2018 - 21:31