Vulnerabilities > CVE-2006-3584 - Input Validation vulnerability in Jetbox

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

jetbox

NVD

Published: 2006-08-08

Updated: 2018-10-18

Summary

Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters, which are evaluated as PHP variable variables.

Vulnerable Configurations

Part	Description	Count
Application	Jetbox Jetbox Jetbox CMS 2.1 Jetbox Jetbox CMS 2.1_Sr1	2

References

http://secunia.com/advisories/20889
http://secunia.com/secunia_research/2006-57/advisory/
http://securityreason.com/securityalert/1339
http://www.securityfocus.com/archive/1/441980/100/0/threaded
http://www.securityfocus.com/bid/19303