Lucene search
HistoryAug 08, 2006 - 11:04 p.m.
CVE-2006-3584
cve-2006-3584
dynamic variable evaluation
index.php
jetbox cms 2.1 sr1
remote attackers
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.8 Medium
AI Score
Confidence
High
0.021 Low
EPSS
Percentile
89.3%
Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters, which are evaluated as PHP variable variables.
Affected configurations
Node
jetboxjetbox_cmsMatch2.1
ORjetboxjetbox_cmsMatch2.1_sr1
| CPE | Name | Operator | Version |
|---|---|---|---|
| jetbox:jetbox_cms | jetbox jetbox cms | eq | 2.1 |
| jetbox:jetbox_cms | jetbox jetbox cms | eq | 2.1_sr1 |
Related
cvelist
cvelist
CVE-2006-3584
2006-08-08 23:00:00
nvd
nvd
CVE-2006-3584
2006-08-08 23:04:00
securityvulns
securityvulns
[Full-disclosure] Secunia Research: Jetbox Multiple Vulnerabilities
2006-08-02 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.8 Medium
AI Score
Confidence
High
0.021 Low
EPSS
Percentile
89.3%
Related for CVE-2006-3584