CVE-2006-3831 - The Backup selection in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier uses predicabl

CVE-2006-3831

Summary

The Backup selection in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier uses predicable filenames for database backups and stores the files under the web root with insufficient access control, which allows remote attackers to obtain sensitive information by downloading a backup file.

References

http://secunia.com/advisories/21066
http://securityreason.com/securityalert/1271
http://securitytracker.com/id?1016515
http://www.acid-root.new.fr/advisories/boastmachine.txt
http://www.securityfocus.com/archive/1/440306/100/0/threaded

Vulnerable Configurations

cpe:2.3:a:kailash_nadh:boastmachine:*:*:*:*:*:*:*:*
cpe:2.3:a:kailash_nadh:boastmachine:*:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 17-10-2018 - 21:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bugtraq	20060717 boastMachine <= 3.1 SQL Injection Exploit
misc	http://www.acid-root.new.fr/advisories/boastmachine.txt
sectrack	1016515
secunia	21066
sreason	1271

Last major update

17-10-2018 - 21:31

Published

25-07-2006 - 13:22

Last modified

17-10-2018 - 21:31