CVE-2006-3586 - SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to execute arbitrary SQL c

CVE-2006-3586

Summary

SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to execute arbitrary SQL commands via the (1) frontsession COOKIE parameter and (2) view parameter in index.php, and the (3) login parameter in admin/cms/index.php.

References

http://secunia.com/advisories/20889
http://secunia.com/secunia_research/2006-57/advisory/
http://securityreason.com/securityalert/1339
http://www.securityfocus.com/archive/1/441980/100/0/threaded
http://www.securityfocus.com/bid/19303
https://exchange.xforce.ibmcloud.com/vulnerabilities/28168

Vulnerable Configurations

cpe:2.3:a:jetbox:jetbox_cms:2.1_sr1:*:*:*:*:*:*:*
cpe:2.3:a:jetbox:jetbox_cms:2.1_sr1:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 18-10-2018 - 16:48)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	19303
bugtraq	20060802 Secunia Research: Jetbox Multiple Vulnerabilities
misc	http://secunia.com/secunia_research/2006-57/advisory/
secunia	20889
sreason	1339
xf	jetboxcms-index-sql-injection(28168)

Last major update

18-10-2018 - 16:48

Published

08-08-2006 - 23:04

Last modified

18-10-2018 - 16:48