Unrated severityNVD Advisory· Published Jul 25, 2006· Updated Apr 16, 2026

CVE-2006-3828

Description

Incomplete blacklist vulnerability in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to bypass SQL injection protection mechanisms by using commas, quote characters, pound sign (#) characters, "UNION," and "SELECT," which are not filtered by the product, which only checks for "insert," "delete," "update," and "replace."

Affected products

Kailash Nadh/Boastmachine5 versions
cpe:2.3:a:kailash_nadh:boastmachine:2.5:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:kailash_nadh:boastmachine:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:kailash_nadh:boastmachine:2.7:*:*:*:*:*:*:*
- cpe:2.3:a:kailash_nadh:boastmachine:2.8:*:*:*:*:*:*:*
- cpe:2.3:a:kailash_nadh:boastmachine:2.9b:*:*:*:*:*:*:*
- cpe:2.3:a:kailash_nadh:boastmachine:3.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.acid-root.new.fr/advisories/boastmachine.txtnvdExploit
secunia.com/advisories/21066nvdVendor Advisory
securityreason.com/securityalert/1252nvd
securitytracker.com/idnvd
www.securityfocus.com/archive/1/440306/100/0/threadednvd
www.vupen.com/english/advisories/2006/2849nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000