CVE-2006-3586: SQL Injection
First published: Tue Aug 08 2006(Updated: )
SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to execute arbitrary SQL commands via the (1) frontsession COOKIE parameter and (2) view parameter in index.php, and the (3) login parameter in admin/cms/index.php.
Credit: PSIRT-CNA@flexerasoftware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jetbox CMS | =2.1_sr1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-3586?
CVE-2006-3586 is classified as a high severity vulnerability due to its potential for remote SQL command execution.
How do I fix CVE-2006-3586?
To fix CVE-2006-3586, update Jetbox CMS to a version that is not vulnerable or implement input validation and parameterized queries.
What are the affected components in CVE-2006-3586?
CVE-2006-3586 affects the index.php and admin/cms/index.php files, specifically through the frontsession COOKIE, view, and login parameters.
Who is impacted by CVE-2006-3586?
Any user of Jetbox CMS version 2.1 SR1 is at risk from the SQL injection vulnerability described in CVE-2006-3586.
What types of attacks can exploit CVE-2006-3586?
CVE-2006-3586 can be exploited to execute arbitrary SQL commands, potentially allowing attackers to manipulate database information.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/jetbox
- canonical/jetbox cms
- version/jetbox cms/2.1_sr1