JetboxOne may allow unauthorized users to execute arbitrary code

Overview Lack of input validation in JetboxOne version 2.0.8 allows an user to upload arbitrary files to the vulnerable system. This could lead to the execution of arbitrary code. Description JetboxOne, an open-source content management system, could allow an attacker with "AUTHOR" privileges to...

JetboxOne leaves account database unencrypted

Overview JetboxOne does not encrypt information in the account information database. Any user with the ability to query the database may be able to view confidential account information. Description JetboxOne is an open-source content management system that is written in PHP. An information...