CVE-2006-3586

Name of the Vulnerable Software and Affected Versions Jetbox CMS version 2.1 SR1

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the frontsession COOKIE parameter and the view parameter in "index.php", as well as the login parameter in "admin/cms/index.php".

Recommendations For Jetbox CMS version 2.1 SR1, consider restricting access to the frontsession COOKIE parameter, the view parameter in "index.php", and the login parameter in "admin/cms/index.php" to minimize the risk of exploitation. As a temporary workaround, avoid using these parameters until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.