CVE-2006-3799 Information

Description

DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables by using lowercase "union select" or possibly other statements that do not match the uppercase "UNION SELECT".
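
The failure mode described above, as an added example that is not DeluxeBB's code: a case-sensitive keyword check beside a parameterized lookup. The filter functions, table, and sample inputs are constructed for illustration, and Python with sqlite3 stands in for the PHP application.

```python
import sqlite3

BLOCKED = "UNION SELECT"  # the uppercase form named in the description


def case_sensitive_filter(value: str) -> bool:
    """Hypothetical model of the flawed check: True means 'accepted'."""
    return BLOCKED not in value


def case_insensitive_filter(value: str) -> bool:
    """Folding case closes this one gap, but it is still a keyword blacklist."""
    return BLOCKED not in value.upper()


def make_db() -> sqlite3.Connection:
    # Constructed sample table, not DeluxeBB's schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, email TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'alice@example.test')")
    return db


def find_user(db: sqlite3.Connection, login: str):
    """Hardened lookup: the value is bound as a parameter, never parsed as SQL."""
    query = "SELECT login, email FROM users WHERE login = ?"
    return db.execute(query, (login,)).fetchone()


# Constructed inputs: a normal login, then the uppercase and lowercase keyword.
SAMPLES = ["alice", "x' UNION SELECT 1 --", "x' union select 1 --"]


def report():
    """Return (input, case-sensitive verdict, case-insensitive verdict, row)."""
    db = make_db()
    return [
        (s, case_sensitive_filter(s), case_insensitive_filter(s), find_user(db, s))
        for s in SAMPLES
    ]


if __name__ == "__main__":
    for row in report():
        print(row)
```

The lowercase input is accepted by the case-sensitive check, while the bound-parameter lookup treats every input as a literal login name regardless of what any filter decided.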

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047989.html
http://secunia.com/advisories/21116
http://securityreason.com/securityalert/1254
http://www.securityfocus.com/archive/1/440435/100/0/threaded
http://www.securityfocus.com/bid/19052
http://www.vupen.com/english/advisories/2006/2879
