CVE-2006-3584 Information

Description

Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters which are evaluated as PHP variable variables.

Reference

http://secunia.com/advisories/20889 http://secunia.com/secunia_research/2006-57/advisory/ http://securityreason.com/securityalert/1339 http://www.securityfocus.com/archive/1/441980/100/0/threaded http://www.securityfocus.com/bid/19303