← back
CVE-2006-3799

CVE-2006-3799

EPSS 1.4%
DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase "union select" or possibly other statements that do not match the uppercase "UNION SELECT."
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.htmlhttp://secunia.com/advisories/21116http://securityreason.com/securityalert/1254http://www.securityfocus.com/archive/1/440435/100/0/threadedhttp://www.securityfocus.com/bid/19052http://www.vupen.com/english/advisories/2006/2879