{"id": "EDB-ID:32495", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Jetbox CMS 2.1 admin/cms/images.php orderby Parameter SQL Injection", "description": "Jetbox CMS 2.1 admin/cms/images.php orderby Parameter SQL Injection. CVE-2008-4651. Webapps exploit for php platform", "published": "2008-10-20T00:00:00", "modified": "2008-10-20T00:00:00", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/32495/", "reporter": "Omer Singer", "references": [], "cvelist": ["CVE-2008-4651"], "lastseen": "2016-02-03T17:07:20", "viewCount": 4, "enchantments": {"score": {"value": 7.2, "vector": "NONE", "modified": "2016-02-03T17:07:20", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-4651"]}, {"type": "exploitdb", "idList": ["EDB-ID:32496"]}], "modified": "2016-02-03T17:07:20", "rev": 2}, "vulnersScore": 7.2}, "sourceHref": "https://www.exploit-db.com/download/32495/", "sourceData": "source: http://www.securityfocus.com/bid/31824/info\r\n\r\nJetbox CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.\r\n\r\nExploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.\r\n\r\nJetbox CMS 2.1 is vulnerable; other versions may also be affected.\r\n\r\nhttp://www.example.com/admin/cms/images.php?orderby=[INJECTION POINT]", "osvdbidlist": ["49255"]}

{"cve": [{"lastseen": "2020-10-03T11:51:02", "description": "Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby parameter to admin/cms/images.php and the (2) nav_id parameter in an editrecord action to admin/cms/nav.php.", "edition": 3, "cvss3": {}, "published": "2008-10-22T00:11:00", "title": "CVE-2008-4651", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.0, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-4651"], "modified": "2017-08-08T01:32:00", "cpe": ["cpe:/a:jetbox:jetbox_cms:2.1"], "id": "CVE-2008-4651", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4651", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:jetbox:jetbox_cms:2.1:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-02-03T17:07:28", "description": "Jetbox CMS 2.1 admin/cms/nav.php nav_id Parameter SQL Injection. CVE-2008-4651. Webapps exploit for php platform", "published": "2008-10-20T00:00:00", "type": "exploitdb", "title": "Jetbox CMS 2.1 admin/cms/nav.php nav_id Parameter SQL Injection", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-4651"], "modified": "2008-10-20T00:00:00", "id": "EDB-ID:32496", "href": "https://www.exploit-db.com/exploits/32496/", "sourceData": "source: http://www.securityfocus.com/bid/31824/info\r\n \r\nJetbox CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.\r\n \r\nExploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.\r\n \r\nJetbox CMS 2.1 is vulnerable; other versions may also be affected.\r\n\r\nhttp://www.example.com/path/admin/cms/nav.php?task=editrecord&nav_id=[INJECTION POINT] ", "cvss": {"score": 6.0, "vector": "AV:NETWORK/AC:MEDIUM/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/32496/"}]}