CVE-2006-3584

Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters, which are evaluated as PHP variable variables.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/secunia_research/2006-57/advisory/	Vendor Advisory
http://secunia.com/advisories/20889	Vendor Advisory
http://www.securityfocus.com/bid/19303
http://securityreason.com/securityalert/1339
http://www.securityfocus.com/archive/1/441980/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:jetbox:jetbox_cms:2.1:::::::*
	cpe:2.3:a:jetbox:jetbox_cms:2.1_sr1:::::::*

Information

Published : 2006-08-08 16:04

Updated : 2018-10-18 09:48

NVD link : CVE-2006-3584

Mitre link : CVE-2006-3584

JSON object : View

CWE

NVD-CWE-Other

Products Affected

jetbox

jetbox_cms

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/secunia_research/2006-57/advisory/", "name": "http://secunia.com/secunia_research/2006-57/advisory/", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/20889", "name": "20889", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/19303", "name": "19303", "tags": [], "refsource": "BID"}, {"url": "http://securityreason.com/securityalert/1339", "name": "1339", "tags": [], "refsource": "SREASON"}, {"url": "http://www.securityfocus.com/archive/1/441980/100/0/threaded", "name": "20060802 Secunia Research: Jetbox Multiple Vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters, which are evaluated as PHP variable variables."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-3584", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-08-08T23:04Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:jetbox:jetbox_cms:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:jetbox:jetbox_cms:2.1_sr1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-18T16:48Z"}

7.5 /10