{"api_version":"1","generated_at":"2026-05-14T12:27:45+00:00","cve":"CVE-2006-3831","urls":{"html":"https://cve.report/CVE-2006-3831","api":"https://cve.report/api/cve/CVE-2006-3831.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-3831","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-3831"},"summary":{"title":"CVE-2006-3831","description":"The Backup selection in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier uses predicable filenames for database backups and stores the files under the web root with insufficient access control, which allows remote attackers to obtain sensitive information by downloading a backup file.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-07-25 13:22:00","updated_at":"2018-10-17 21:31:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://www.acid-root.new.fr/advisories/boastmachine.txt","name":"http://www.acid-root.new.fr/advisories/boastmachine.txt","refsource":"MISC","tags":[],"title":"new.fr is available for purchase - Sedo.com","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://securityreason.com/securityalert/1271","name":"1271","refsource":"SREASON","tags":[],"title":"CXSecurity - IDS","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1016515","name":"1016515","refsource":"SECTRACK","tags":[],"title":"SecurityTracker.com Archives - boastMachine Input Validation Flaw Permits Cross-Site Scripting and SQL Injection Attacks","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/440306/100/0/threaded","name":"20060717 boastMachine <= 3.1 SQL Injection Exploit","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/21066","name":"21066","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Secunia - Advisories - boastMachine Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-3831","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-3831","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"3831","vulnerable":"1","versionEndIncluding":"3.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"kailash_nadh","cpe5":"boastmachine","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-3831","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Backup selection in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier uses predicable filenames for database backups and stores the files under the web root with insufficient access control, which allows remote attackers to obtain sensitive information by downloading a backup file."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"21066","refsource":"SECUNIA","url":"http://secunia.com/advisories/21066"},{"name":"1016515","refsource":"SECTRACK","url":"http://securitytracker.com/id?1016515"},{"name":"20060717 boastMachine <= 3.1 SQL Injection Exploit","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/440306/100/0/threaded"},{"name":"1271","refsource":"SREASON","url":"http://securityreason.com/securityalert/1271"},{"name":"http://www.acid-root.new.fr/advisories/boastmachine.txt","refsource":"MISC","url":"http://www.acid-root.new.fr/advisories/boastmachine.txt"}]}},"nvd":{"publishedDate":"2006-07-25 13:22:00","lastModifiedDate":"2018-10-17 21:31:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:kailash_nadh:boastmachine:*:*:*:*:*:*:*:*","versionEndIncluding":"3.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"3831","Ordinal":"19157","Title":"CVE-2006-3831","CVE":"CVE-2006-3831","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"3831","Ordinal":"1","NoteData":"The Backup selection in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier uses predicable filenames for database backups and stores the files under the web root with insufficient access control, which allows remote attackers to obtain sensitive information by downloading a backup file.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"3831","Ordinal":"2","NoteData":"2006-07-24","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"3831","Ordinal":"3","NoteData":"2018-10-17","Type":"Other","Title":"Modified"}]}}}