Lucene search

[email protected]CVE-2006-3586

HistoryAug 08, 2006 - 11:04 p.m.

CVE-2006-3586

2006-08-0823:04:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-3586

sql injection

jetbox cms

security vulnerability

nvd

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.1%

JSON

SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to execute arbitrary SQL commands via the (1) frontsession COOKIE parameter and (2) view parameter in index.php, and the (3) login parameter in admin/cms/index.php.

CPENameOperatorVersion
jetbox:jetbox_cmsjetbox jetbox cmseq2.1_sr1

CPE	Name	Operator	Version
jetbox:jetbox_cms	jetbox jetbox cms	eq	2.1_sr1

References

secunia.com/advisories/20889

secunia.com/secunia_research/2006-57/advisory/

securityreason.com/securityalert/1339

www.securityfocus.com/archive/1/441980/100/0/threaded

www.securityfocus.com/bid/19303

exchange.xforce.ibmcloud.com/vulnerabilities/28168

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.1%

JSON

Related for CVE-2006-3586

cve1 securityvulns1