Unrated severityNVD Advisory· Published Jul 25, 2006· Updated Jun 16, 2026
CVE-2006-3830
CVE-2006-3830
Description
The Languages selection in the admin interface in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this issue is a vulnerability only if there is a likely usage pattern in which the files would be opened or executed by local users, e.g., malware files with names that entice local users to open the files.
Affected products
6cpe:2.3:a:kailash_nadh:boastmachine:2.5:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:kailash_nadh:boastmachine:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:kailash_nadh:boastmachine:2.7:*:*:*:*:*:*:*
- cpe:2.3:a:kailash_nadh:boastmachine:2.8:*:*:*:*:*:*:*
- cpe:2.3:a:kailash_nadh:boastmachine:2.9b:*:*:*:*:*:*:*
- cpe:2.3:a:kailash_nadh:boastmachine:3.1:*:*:*:*:*:*:*
- (no CPE)range: <=3.1
Patches
Vulnerability mechanics
References
2- www.acid-root.new.fr/advisories/boastmachine.txtnvdExploit
- secunia.com/advisories/21066nvdVendor Advisory
News mentions
0No linked articles in our index yet.