Vulnerability Details CVE-2006-3830
The Languages selection in the admin interface in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this issue is a vulnerability only if there is a likely usage pattern in which the files would be opened or executed by local users, e.g., malware files with names that entice local users to open the files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.0%
CVSS Severity
CVSS v2 Score 4.0
References
Products affected by CVE-2006-3830
-
cpe:2.3:a:kailash_nadh:boastmachine:2.5
-
cpe:2.3:a:kailash_nadh:boastmachine:2.7
-
cpe:2.3:a:kailash_nadh:boastmachine:2.8
-
cpe:2.3:a:kailash_nadh:boastmachine:2.9b
-
cpe:2.3:a:kailash_nadh:boastmachine:3.1