Vulnerability Description
Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters, which are evaluated as PHP variable variables.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jetbox | Jetbox Cms | 2.1 |
References
- http://secunia.com/advisories/20889Vendor Advisory
- http://secunia.com/secunia_research/2006-57/advisory/Vendor Advisory
- http://securityreason.com/securityalert/1339
- http://www.securityfocus.com/archive/1/441980/100/0/threaded
- http://www.securityfocus.com/bid/19303
- http://secunia.com/advisories/20889Vendor Advisory
- http://secunia.com/secunia_research/2006-57/advisory/Vendor Advisory
- http://securityreason.com/securityalert/1339
- http://www.securityfocus.com/archive/1/441980/100/0/threaded
- http://www.securityfocus.com/bid/19303
FAQ
What is CVE-2006-3584?
CVE-2006-3584 is a vulnerability with a CVSS score of 7.5 (HIGH). Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters, which are evaluated as PHP variable variab...
How severe is CVE-2006-3584?
CVE-2006-3584 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3584?
Check the references section above for vendor advisories and patch information. Affected products include: Jetbox Jetbox Cms.