CVE-2006-3584 - Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers

CVE-2006-3584

Summary

Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters, which are evaluated as PHP variable variables.

References

http://secunia.com/advisories/20889
http://secunia.com/secunia_research/2006-57/advisory/
http://securityreason.com/securityalert/1339
http://www.securityfocus.com/archive/1/441980/100/0/threaded
http://www.securityfocus.com/bid/19303

Vulnerable Configurations

cpe:2.3:a:jetbox:jetbox_cms:2.1:*:*:*:*:*:*:*
cpe:2.3:a:jetbox:jetbox_cms:2.1:*:*:*:*:*:*:*
cpe:2.3:a:jetbox:jetbox_cms:2.1_sr1:*:*:*:*:*:*:*
cpe:2.3:a:jetbox:jetbox_cms:2.1_sr1:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 18-10-2018 - 16:48)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	19303
bugtraq	20060802 Secunia Research: Jetbox Multiple Vulnerabilities
misc	http://secunia.com/secunia_research/2006-57/advisory/
secunia	20889
sreason	1339

Last major update

18-10-2018 - 16:48

Published

08-08-2006 - 23:04

Last modified

18-10-2018 - 16:48