Unrated severityNVD Advisory· Published Jul 25, 2006· Updated Apr 16, 2026

CVE-2006-3830

Description

The Languages selection in the admin interface in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this issue is a vulnerability only if there is a likely usage pattern in which the files would be opened or executed by local users, e.g., malware files with names that entice local users to open the files.

Affected products

Kailash Nadh/Boastmachine5 versions
cpe:2.3:a:kailash_nadh:boastmachine:3.1:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:kailash_nadh:boastmachine:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:kailash_nadh:boastmachine:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:kailash_nadh:boastmachine:2.7:*:*:*:*:*:*:*
- cpe:2.3:a:kailash_nadh:boastmachine:2.8:*:*:*:*:*:*:*
- cpe:2.3:a:kailash_nadh:boastmachine:2.9b:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.acid-root.new.fr/advisories/boastmachine.txtnvdExploit
secunia.com/advisories/21066nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000