Описание
DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase "union select" or possibly other statements that do not match the uppercase "UNION SELECT."
DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase "union select" or possibly other statements that do not match the uppercase "UNION SELECT."
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2006-3799
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.html
- http://secunia.com/advisories/21116
- http://securityreason.com/securityalert/1254
- http://www.securityfocus.com/archive/1/440435/100/0/threaded
- http://www.securityfocus.com/bid/19052
- http://www.vupen.com/english/advisories/2006/2879
EPSS
CVE ID
Связанные уязвимости
DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase "union select" or possibly other statements that do not match the uppercase "UNION SELECT."
EPSS