Unrated severityNVD Advisory· Published Jul 24, 2006· Updated Apr 16, 2026

CVE-2006-3799

Description

DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase "union select" or possibly other statements that do not match the uppercase "UNION SELECT."

Affected products

Deluxebb/Deluxebb3 versions
cpe:2.3:a:deluxebb:deluxebb:1.05:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:deluxebb:deluxebb:1.05:*:*:*:*:*:*:*
- cpe:2.3:a:deluxebb:deluxebb:1.06:*:*:*:*:*:*:*
- cpe:2.3:a:deluxebb:deluxebb:1.07:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/21116nvdPatchVendor Advisory
www.securityfocus.com/bid/19052nvdExploitPatch
lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.htmlnvd
securityreason.com/securityalert/1254nvd
www.securityfocus.com/archive/1/440435/100/0/threadednvd
www.vupen.com/english/advisories/2006/2879nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000