SQL Injection in Jetbox Jetbox_cms

CVE-2008-4651

Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby parameter to admin/cms/images.php and the (2) nav_id parameter in an editrecord action to admin…

Vulnerability class: SQL Injection

EPSS: 0.008 (51.8th percentile) — read the EPSS interpretation.

Affected products

Jetbox Jetbox_cms — versions 2.1
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

cve@mitre.org (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (Exploit, vdb-entry, x_refsource_BID)