Vulnerability Description
SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to execute arbitrary SQL commands via the (1) frontsession COOKIE parameter and (2) view parameter in index.php, and the (3) login parameter in admin/cms/index.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jetbox | Jetbox Cms | 2.1_sr1 |
References
- http://secunia.com/advisories/20889Vendor Advisory
- http://secunia.com/secunia_research/2006-57/advisory/Vendor Advisory
- http://securityreason.com/securityalert/1339
- http://www.securityfocus.com/archive/1/441980/100/0/threaded
- http://www.securityfocus.com/bid/19303
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28168
- http://secunia.com/advisories/20889Vendor Advisory
- http://secunia.com/secunia_research/2006-57/advisory/Vendor Advisory
- http://securityreason.com/securityalert/1339
- http://www.securityfocus.com/archive/1/441980/100/0/threaded
- http://www.securityfocus.com/bid/19303
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28168
FAQ
What is CVE-2006-3586?
CVE-2006-3586 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to execute arbitrary SQL commands via the (1) frontsession COOKIE parameter and (2) view parameter in index.php, and the (3) l...
How severe is CVE-2006-3586?
CVE-2006-3586 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3586?
Check the references section above for vendor advisories and patch information. Affected products include: Jetbox Jetbox Cms.