DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase "union select" or possibly other statements that do not match the uppercase "UNION SELECT."
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2006-07-21T21:00:00
Updated: 2018-10-17T20:57:01
Reserved: 2006-07-21T00:00:00
Link: CVE-2006-3799
JSON object: View
NVD Information
Status : Modified
Published: 2006-07-24T12:19:00.000
Modified: 2018-10-17T21:30:14.437
Link: CVE-2006-3799
JSON object: View
Redhat Information
No data.
CWE