CVE-2006-3586

SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to execute arbitrary SQL commands via the (1) frontsession COOKIE parameter and (2) view parameter in index.php, and the (3) login parameter in admin/cms/index.php.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/secunia_research/2006-57/advisory/	Vendor Advisory
http://secunia.com/advisories/20889	Vendor Advisory
http://www.securityfocus.com/bid/19303
http://securityreason.com/securityalert/1339
https://exchange.xforce.ibmcloud.com/vulnerabilities/28168
http://www.securityfocus.com/archive/1/441980/100/0/threaded

Configurations

Configuration 1 (hide)

cpe:2.3:a:jetbox:jetbox_cms:2.1_sr1:*:*:*:*:*:*:*

Information

Published : 2006-08-08 16:04

Updated : 2018-10-18 09:48

NVD link : CVE-2006-3586

Mitre link : CVE-2006-3586

JSON object : View

CWE

NVD-CWE-Other

Products Affected

jetbox

jetbox_cms

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://secunia.com/secunia_research/2006-57/advisory/", "name": "http://secunia.com/secunia_research/2006-57/advisory/", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/20889", "name": "20889", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/19303", "name": "19303", "tags": [], "refsource": "BID"}, {"url": "http://securityreason.com/securityalert/1339", "name": "1339", "tags": [], "refsource": "SREASON"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28168", "name": "jetboxcms-index-sql-injection(28168)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/441980/100/0/threaded", "name": "20060802 Secunia Research: Jetbox Multiple Vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to execute arbitrary SQL commands via the (1) frontsession COOKIE parameter and (2) view parameter in index.php, and the (3) login parameter in admin/cms/index.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-3586", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-08-08T23:04Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:jetbox:jetbox_cms:2.1_sr1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-18T16:48Z"}

7.5 /10