{"api_version":"1","generated_at":"2026-05-13T06:37:04+00:00","cve":"CVE-2006-3799","urls":{"html":"https://cve.report/CVE-2006-3799","api":"https://cve.report/api/cve/CVE-2006-3799.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-3799","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-3799"},"summary":{"title":"CVE-2006-3799","description":"DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase \"union select\" or possibly other statements that do not match the uppercase \"UNION SELECT.\"","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-07-24 12:19:00","updated_at":"2018-10-17 21:30:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.html","name":"20060718 Advisory : DeluxeBB mutiple vulnerabilities","refsource":"FULLDISC","tags":[],"title":"[Full-disclosure] Advisory : DeluxeBB mutiple vulnerabilities","mime":"text/html","httpstatus":"404","archivestatus":"200"},{"url":"http://securityreason.com/securityalert/1254","name":"1254","refsource":"SREASON","tags":[],"title":"SecurityReason - DeluxeBB mutiple vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/440435/100/0/threaded","name":"20060718 DeluxeBB mutiple vulnerabilities","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/21116","name":"21116","refsource":"SECUNIA","tags":["Patch","Vendor Advisory"],"title":"DeluxeBB Multiple Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/2879","name":"ADV-2006-2879","refsource":"VUPEN","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/19052","name":"19052","refsource":"BID","tags":["Exploit","Patch"],"title":"DeluxeBB Multiple Input Validation Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-3799","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-3799","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"3799","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"deluxebb","cpe5":"deluxebb","cpe6":"1.05","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3799","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"deluxebb","cpe5":"deluxebb","cpe6":"1.06","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3799","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"deluxebb","cpe5":"deluxebb","cpe6":"1.07","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3799","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"deluxebb","cpe5":"deluxebb","cpe6":"1.05","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3799","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"deluxebb","cpe5":"deluxebb","cpe6":"1.06","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3799","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"deluxebb","cpe5":"deluxebb","cpe6":"1.07","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-3799","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase \"union select\" or possibly other statements that do not match the uppercase \"UNION SELECT.\""}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1254","refsource":"SREASON","url":"http://securityreason.com/securityalert/1254"},{"name":"19052","refsource":"BID","url":"http://www.securityfocus.com/bid/19052"},{"name":"21116","refsource":"SECUNIA","url":"http://secunia.com/advisories/21116"},{"name":"20060718 Advisory : DeluxeBB mutiple vulnerabilities","refsource":"FULLDISC","url":"http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.html"},{"name":"ADV-2006-2879","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/2879"},{"name":"20060718 DeluxeBB mutiple vulnerabilities","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/440435/100/0/threaded"}]}},"nvd":{"publishedDate":"2006-07-24 12:19:00","lastModifiedDate":"2018-10-17 21:30:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":true,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:deluxebb:deluxebb:1.05:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:deluxebb:deluxebb:1.07:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:deluxebb:deluxebb:1.06:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"3799","Ordinal":"19125","Title":"CVE-2006-3799","CVE":"CVE-2006-3799","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"3799","Ordinal":"1","NoteData":"DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase \"union select\" or possibly other statements that do not match the uppercase \"UNION SELECT.\"","Type":"Description","Title":null},{"CveYear":"2006","CveId":"3799","Ordinal":"2","NoteData":"2006-07-21","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"3799","Ordinal":"3","NoteData":"2018-10-17","Type":"Other","Title":"Modified"}]}}}