Lucene search

MitreCVE-2006-3829

HistoryJul 25, 2006 - 1:22 p.m.

CVE-2006-3829

2006-07-2513:22:00

mitre

web.nvd.nist.gov

cve-2006-3829

cross-site request forgery

csrf vulnerability

kailash nadh

boastmachine

bmachine

unauthorized actions

administrator

delete_user action

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

7.3

Confidence

Low

EPSS

0.011

Percentile

84.4%

JSON

Cross-site request forgery (CSRF) vulnerability in bmc/admin.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote attackers to perform unauthorized actions as an administrator and delete arbitrary user accounts via a delete_user action.

Affected configurations

Nvd

Node

kailash_nadhboastmachineMatch2.5

kailash_nadhboastmachineMatch2.7

kailash_nadhboastmachineMatch2.8

kailash_nadhboastmachineMatch2.9b

kailash_nadhboastmachineMatch3.1

VendorProductVersionCPE
kailash_nadhboastmachine2.5cpe:2.3:a:kailash_nadh:boastmachine:2.5:*:*:*:*:*:*:*
kailash_nadhboastmachine2.7cpe:2.3:a:kailash_nadh:boastmachine:2.7:*:*:*:*:*:*:*
kailash_nadhboastmachine2.8cpe:2.3:a:kailash_nadh:boastmachine:2.8:*:*:*:*:*:*:*
kailash_nadhboastmachine2.9bcpe:2.3:a:kailash_nadh:boastmachine:2.9b:*:*:*:*:*:*:*
kailash_nadhboastmachine3.1cpe:2.3:a:kailash_nadh:boastmachine:3.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
kailash_nadh	boastmachine	2.5	cpe:2.3:a:kailash_nadh:boastmachine:2.5:::::::*
kailash_nadh	boastmachine	2.7	cpe:2.3:a:kailash_nadh:boastmachine:2.7:::::::*
kailash_nadh	boastmachine	2.8	cpe:2.3:a:kailash_nadh:boastmachine:2.8:::::::*
kailash_nadh	boastmachine	2.9b	cpe:2.3:a:kailash_nadh:boastmachine:2.9b:::::::*
kailash_nadh	boastmachine	3.1	cpe:2.3:a:kailash_nadh:boastmachine:3.1:::::::*

References

secunia.com/advisories/21066

securityreason.com/securityalert/1252

securitytracker.com/id?1016515

www.acid-root.new.fr/advisories/boastmachine.txt

www.securityfocus.com/archive/1/440306/100/0/threaded

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

7.3

Confidence

Low

EPSS

0.011

Percentile

84.4%

JSON

Related for CVE-2006-3829