CVE-2007-2684 - SQL-Injection vulnerability in Jetbox CMS 2.1
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: PARTIAL
- Integrity impact: NONE
- Availability impact: NONE

Summary
Jetbox CMS 2.1 allows remote attackers to obtain sensitive information via (1) a direct request to (a) main_page.php, (b) open_tree.php, and (c) outputs.php; (2) a malformed view parameter to index.php, as demonstrated with an SQL injection manipulation; or (3) the id[] parameter to admin/cms/opentree.php, which reveals the installation path in the resulting error message.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
References
- http://marc.info/?l=full-disclosure&m=117974375029054&w=2
- http://osvdb.org/34787
- http://osvdb.org/34788
- http://osvdb.org/34789
- http://osvdb.org/34790
- http://www.netvigilance.com/advisory0027
- http://www.osvdb.org/34783
- http://www.securityfocus.com/archive/1/469222/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34385