CVE-2006-3586 Information

Description

SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to execute arbitrary SQL commands via the (1) frontsession COOKIE parameter and (2) view parameter in index.php and the (3) login parameter in admin/cms/index.php.

Reference

http://secunia.com/advisories/20889 http://secunia.com/secunia_research/2006-57/advisory/ http://securityreason.com/securityalert/1339 http://www.securityfocus.com/archive/1/441980/100/0/threaded http://www.securityfocus.com/bid/19303 https://exchange.xforce.ibmcloud.com/vulnerabilities/28168