Lucene search

MitreCVE-2006-3827

HistoryJul 25, 2006 - 1:22 p.m.

CVE-2006-3827

2006-07-2513:22:00

mitre

web.nvd.nist.gov

cve-2006-3827

sql injection

bmc

inc

core

admin

search.inc.php

kailash nadh

boastmachine 3.1

nvd

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

8.3

Confidence

Low

EPSS

0.005

Percentile

75.4%

JSON

SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the blog parameter.

Affected configurations

Nvd

Node

kailash_nadhboastmachineMatch2.5

kailash_nadhboastmachineMatch2.7

kailash_nadhboastmachineMatch2.8

kailash_nadhboastmachineMatch2.9b

kailash_nadhboastmachineMatch3.1

VendorProductVersionCPE
kailash_nadhboastmachine2.5cpe:2.3:a:kailash_nadh:boastmachine:2.5:*:*:*:*:*:*:*
kailash_nadhboastmachine2.7cpe:2.3:a:kailash_nadh:boastmachine:2.7:*:*:*:*:*:*:*
kailash_nadhboastmachine2.8cpe:2.3:a:kailash_nadh:boastmachine:2.8:*:*:*:*:*:*:*
kailash_nadhboastmachine2.9bcpe:2.3:a:kailash_nadh:boastmachine:2.9b:*:*:*:*:*:*:*
kailash_nadhboastmachine3.1cpe:2.3:a:kailash_nadh:boastmachine:3.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
kailash_nadh	boastmachine	2.5	cpe:2.3:a:kailash_nadh:boastmachine:2.5:::::::*
kailash_nadh	boastmachine	2.7	cpe:2.3:a:kailash_nadh:boastmachine:2.7:::::::*
kailash_nadh	boastmachine	2.8	cpe:2.3:a:kailash_nadh:boastmachine:2.8:::::::*
kailash_nadh	boastmachine	2.9b	cpe:2.3:a:kailash_nadh:boastmachine:2.9b:::::::*
kailash_nadh	boastmachine	3.1	cpe:2.3:a:kailash_nadh:boastmachine:3.1:::::::*

References

secunia.com/advisories/21066

securityreason.com/securityalert/1252

securitytracker.com/id?1016515

www.acid-root.new.fr/advisories/boastmachine.txt

www.securityfocus.com/archive/1/440306/100/0/threaded

www.vupen.com/english/advisories/2006/2849

exchange.xforce.ibmcloud.com/vulnerabilities/27769

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

8.3

Confidence

Low

EPSS

0.005

Percentile

75.4%

JSON

Related for CVE-2006-3827