Vulnerability in Jetbox Jetbox_cms
CVE-2006-3586
SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to execute arbitrary SQL commands via the (1) frontsession COOKIE parameter and (2) view parameter in index.php, and the (3) login parameter in admin/cms/index.php.
EPSS: 0.013 (66.9th percentile) — read the EPSS interpretation.
Affected products
- Jetbox Jetbox_cms — versions 2.1_sr1
- N/a — versions n/a
References
- PSIRT-CNA@flexerasoftware.com (vdb-entry, x_refsource_XF)
- PSIRT-CNA@flexerasoftware.com (vdb-entry, x_refsource_BID)
- PSIRT-CNA@flexerasoftware.com (mailing-list, x_refsource_BUGTRAQ)
- PSIRT-CNA@flexerasoftware.com (x_refsource_SREASON, third-party-advisory)
- PSIRT-CNA@flexerasoftware.com (x_refsource_MISC, Vendor Advisory)
- PSIRT-CNA@flexerasoftware.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)