VYPR

bMachine

by Kailash Nadh

CVEs (3)

  • CVE-2008-0422Jan 23, 2008
    risk 0.03cvss epss 0.03

    SQL injection vulnerability in mail.php in boastMachine (aka bMachine) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2007-5417Oct 12, 2007
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in index.php in boastMachine (aka bMachine) 2.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.

  • CVE-2006-1841Apr 19, 2006
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in search.php in boastMachine (bMachine) 2.7, and possibly other versions before 2.9b, allows remote attackers to inject arbitrary web script or HTML via the key parameter, as used by the search field.