CVE-2006-3584

Опубликовано: 08 авг. 2006

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters, which are evaluated as PHP variable variables.

Ссылки

http://secunia.com/advisories/20889
Vendor Advisory
http://secunia.com/secunia_research/2006-57/advisory/
Vendor Advisory
http://securityreason.com/securityalert/1339
http://www.securityfocus.com/archive/1/441980/100/0/threaded
http://www.securityfocus.com/bid/19303
http://secunia.com/advisories/20889
Vendor Advisory
http://secunia.com/secunia_research/2006-57/advisory/
Vendor Advisory
http://securityreason.com/securityalert/1339
http://www.securityfocus.com/archive/1/441980/100/0/threaded
http://www.securityfocus.com/bid/19303

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:jetbox:jetbox_cms:2.1:*:*:*:*:*:*:*

cpe:2.3:a:jetbox:jetbox_cms:2.1_sr1:*:*:*:*:*:*:*

EPSS

Процентиль: 75%

0.00911

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-r6cw-ghwx-qhxj

github

почти 4 года назад