CVE-2006-3799 (GCVE-0-2006-3799)

Vulnerability from cvelistv5 – Published: 2006-07-21 21:00 – Updated: 2024-08-07 18:39
VLAI?
Summary
DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase "union select" or possibly other statements that do not match the uppercase "UNION SELECT."
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://securityreason.com/securityalert/1254 third-party-advisoryx_refsource_SREASON
http://www.securityfocus.com/bid/19052 vdb-entryx_refsource_BID
http://secunia.com/advisories/21116 third-party-advisoryx_refsource_SECUNIA
http://lists.grok.org.uk/pipermail/full-disclosur… mailing-listx_refsource_FULLDISC
http://www.vupen.com/english/advisories/2006/2879 vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/archive/1/440435/100… mailing-listx_refsource_BUGTRAQ
Date Public ?
2006-07-18 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:39:54.096Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1254",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/1254"
          },
          {
            "name": "19052",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19052"
          },
          {
            "name": "21116",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21116"
          },
          {
            "name": "20060718 Advisory : DeluxeBB mutiple vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.html"
          },
          {
            "name": "ADV-2006-2879",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2879"
          },
          {
            "name": "20060718 DeluxeBB mutiple vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/440435/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-07-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase \"union select\" or possibly other statements that do not match the uppercase \"UNION SELECT.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1254",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/1254"
        },
        {
          "name": "19052",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19052"
        },
        {
          "name": "21116",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21116"
        },
        {
          "name": "20060718 Advisory : DeluxeBB mutiple vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.html"
        },
        {
          "name": "ADV-2006-2879",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2879"
        },
        {
          "name": "20060718 DeluxeBB mutiple vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/440435/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3799",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase \"union select\" or possibly other statements that do not match the uppercase \"UNION SELECT.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1254",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/1254"
            },
            {
              "name": "19052",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19052"
            },
            {
              "name": "21116",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21116"
            },
            {
              "name": "20060718 Advisory : DeluxeBB mutiple vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.html"
            },
            {
              "name": "ADV-2006-2879",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2879"
            },
            {
              "name": "20060718 DeluxeBB mutiple vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/440435/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3799",
    "datePublished": "2006-07-21T21:00:00.000Z",
    "dateReserved": "2006-07-21T00:00:00.000Z",
    "dateUpdated": "2024-08-07T18:39:54.096Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2006-3799",
      "date": "2026-04-17",
      "epss": "0.00442",
      "percentile": "0.6331"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:deluxebb:deluxebb:1.05:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9A65D83C-FB89-46C8-8ABA-D9F66ACE8B88\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:deluxebb:deluxebb:1.06:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"37F38906-2E8F-40E4-A03B-8121FDEF903C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:deluxebb:deluxebb:1.07:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC51CF33-9B6A-40BE-B5A6-3596C02C48B5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase \\\"union select\\\" or possibly other statements that do not match the uppercase \\\"UNION SELECT.\\\"\"}, {\"lang\": \"es\", \"value\": \"DeluxeBB 1.07 y versiones anteriores permite a atacantes remotos evitar mecanismos de protecci\\u00f3n de inyecci\\u00f3n de SQL mediante la variable login y otras variables concretas, usando en m\\u00ednusculas \\\"union select\\\" \\u00f3 posiblemente otras consultas que no coinciden con \\\"UNION SELECT\\\" en may\\u00fasculas.\"}]",
      "id": "CVE-2006-3799",
      "lastModified": "2024-11-21T00:14:27.163",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2006-07-24T12:19:00.000",
      "references": "[{\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/21116\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/1254\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/440435/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/19052\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2879\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/21116\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/1254\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/440435/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/19052\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2879\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-3799\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-07-24T12:19:00.000\",\"lastModified\":\"2026-04-16T00:27:16.627\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase \\\"union select\\\" or possibly other statements that do not match the uppercase \\\"UNION SELECT.\\\"\"},{\"lang\":\"es\",\"value\":\"DeluxeBB 1.07 y versiones anteriores permite a atacantes remotos evitar mecanismos de protecci\u00f3n de inyecci\u00f3n de SQL mediante la variable login y otras variables concretas, usando en m\u00ednusculas \\\"union select\\\" \u00f3 posiblemente otras consultas que no coinciden con \\\"UNION SELECT\\\" en may\u00fasculas.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:deluxebb:deluxebb:1.05:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A65D83C-FB89-46C8-8ABA-D9F66ACE8B88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:deluxebb:deluxebb:1.06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37F38906-2E8F-40E4-A03B-8121FDEF903C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:deluxebb:deluxebb:1.07:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC51CF33-9B6A-40BE-B5A6-3596C02C48B5\"}]}]}],\"references\":[{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/21116\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/1254\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/440435/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/19052\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/2879\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/21116\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/1254\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/440435/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/19052\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/2879\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.