CVE-2006-3799

Name of the Vulnerable Software and Affected Versions DeluxeBB versions 1.07 and earlier

Description The issue allows remote attackers to bypass SQL injection protection mechanisms. This can be achieved by using lowercase statements such as union select in the login variable and certain other variables, which do not match the uppercase UNION SELECT that the protection mechanisms are looking for.

Recommendations For DeluxeBB versions 1.07 and earlier, as a temporary workaround, consider restricting the use of the login variable and other vulnerable variables in SQL queries until a patch is available. Avoid using the union select statement in affected API endpoints, such as "/api/v1/login", until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.