Jetbox Jetbox Cms : Security vulnerabilities, CVEs sql injection published in 2007

Copy

CVE-2007-2685

Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) login parameter.

Max CVSS

7.5

EPSS Score

0.90%

Published

2007-05-21

Updated

2018-10-16

CVE-2007-2684

Jetbox CMS 2.1 allows remote attackers to obtain sensitive information via (1) a direct request to (a) main_page.php, (b) open_tree.php, and (c) outputs.php; (2) a malformed view parameter to index.php, as demonstrated with an SQL injection manipulation; or (3) the id[] parameter to admin/cms/opentree.php, which reveals the installation path in the resulting error message.

Max CVSS

5.0

EPSS Score

1.64%

Published

2007-05-21

Updated

2018-10-16

2 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!