CVE-2006-3830
Last modified
CVE-2006-3830 is a vulnerability of currently unknown severity. The Languages selection in the admin interface in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this issue is a vulnerability only if there is a likely usage pattern in which the files would be opened or executed by local users, e.g., malware files with names that entice local users to open the files.. EPSS estimates a 0.81% chance of exploitation in the next 30 days.
Description
The Languages selection in the admin interface in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this issue is a vulnerability only if there is a likely usage pattern in which the files would be opened or executed by local users, e.g., malware files with names that entice local users to open the files.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Kailash Nadh | Boastmachine | 2.5 |
| Kailash Nadh | Boastmachine | 2.7 |
| Kailash Nadh | Boastmachine | 2.8 |
| Kailash Nadh | Boastmachine | 2.9b |
| Kailash Nadh | Boastmachine | 3.1 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-3830?
How severe is CVE-2006-3830?
How do I fix CVE-2006-3830?
Are you affected by CVE-2006-3830?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST