CVE-2006-3828

Name of the Vulnerable Software and Affected Versions boastMachine (formerly bMachine) versions 3.1 and earlier

Description The issue allows remote authenticated administrators to bypass SQL injection protection mechanisms. This is possible because the product does not filter certain characters and keywords, such as commas, quote characters, pound sign (#) characters, UNION, and SELECT. The product only checks for specific keywords like "insert," "delete," "update," and "replace."

Recommendations For boastMachine (formerly bMachine) versions 3.1 and earlier, as a temporary workaround, consider restricting access to SQL functionality for remote authenticated administrators until a patch is available. Additionally, avoid using sensitive SQL queries that could be exploited by the bypass of SQL injection protection mechanisms. At the moment, there is no information about a newer version that contains a fix for this vulnerability.