Incomplete blacklist vulnerability in Kailash Nadh boastMachine (formerly bMachine) 3.1 and previous versions allows remote authenticated administrators to bypass SQL injection protection mechanisms by using commas, quote characters, pound sign (#) characters, "UNION," and "SELECT," which are not filtered by the product, which only checks for "insert," "delete," "update," and "replace."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
kailash nadh boastmachine 2.7 |
||
kailash nadh boastmachine 2.8 |
||
kailash nadh boastmachine 2.9b |
||
kailash nadh boastmachine 3.1 |
||
kailash nadh boastmachine 2.5 |