Lucene search

[email protected]CVE-2006-4737

HistorySep 13, 2006 - 10:07 p.m.

CVE-2006-4737

2006-09-1322:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-4737

nvd

sql injection

index.php

jetbox cms

7.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.7%

JSON

SQL injection vulnerability in index.php in Jetbox CMS allows remote attackers to inject arbitrary web script or HTML via the item parameter. NOTE: The view vector is already covered by CVE-2006-3586.2.

CPENameOperatorVersion
jetbox:jetbox_cmsjetbox jetbox cmseq2.1_sr1

CPE	Name	Operator	Version
jetbox:jetbox_cms	jetbox jetbox cms	eq	2.1_sr1

References

securityreason.com/securityalert/1562

www.securityfocus.com/archive/1/445652/100/0/threaded

www.securityfocus.com/bid/19303

exchange.xforce.ibmcloud.com/vulnerabilities/28841

7.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.7%

JSON

Related for CVE-2006-4737

cve1 securityvulns1