PT-2007-4001 · Jetbox · Jetbox Cms

Jesper Jurcenoks · Published 2007-05-21 · Updated 2018-10-16 · CVE-2007-2684

CVSS v2.0: 5.0 (Medium) · Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Jetbox CMS version 2.1
Description: Jetbox CMS 2.1 lets remote attackers obtain sensitive information. Requesting include-only scripts directly, such as main_page.php, open_tree.php and outputs.php, triggers PHP error messages that reveal the installation path. A malformed view parameter to index.php produces a verbose database error; the original report treats this as possible SQL injection, but the CVSS vector (C:P/I:N/A:N) credits only the information disclosure. Passing the id parameter as an array (id[]) to admin/cms/opentree.php likewise reveals the installation path in the resulting error message.
Recommendations: For Jetbox CMS 2.1, deny direct web access to the include-only scripts main_page.php, open_tree.php and outputs.php (a web-server rule or an entry guard at the top of each file); validate the view parameter in index.php (integer or whitelist) and pass it to the database as a bound parameter rather than concatenating it; reject array-typed input for the id parameter of admin/cms/opentree.php; and run with display_errors=Off and log_errors=On so that any remaining error is logged instead of being returned to the client with the file path.
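As an added example (not Jetbox CMS source and not part of the original advisory), the stand-alone PHP script below reproduces the disclosure pattern described above and shows one hardened form. The names JETBOX_ENTRY, $db_prefix and jb_views are assumptions for the illustration.

```php
<?php
/*
 * Added example, not Jetbox CMS code. It reproduces the disclosure pattern the
 * advisory describes (include-only files requested directly, a malformed view
 * parameter, an id[] array parameter) and shows one hardened form.
 * JETBOX_ENTRY, $db_prefix and jb_views are hypothetical names.
 *
 * Run with: php jetbox_disclosure_example.php
 */

/* ---------------- Vulnerable pattern ---------------- */

// Mirrors a server with display_errors=On, the setting that lets PHP print
// warnings, including the absolute file path, into the HTTP response.
ini_set('display_errors', '1');
error_reporting(E_ALL);

// Body of an include-only file such as open_tree.php: it relies on the caller
// having defined $db_prefix. Requested directly there is no caller, so PHP emits
// "Warning: Undefined variable $db_prefix in /var/www/jetbox/open_tree.php on line N"
// (a Notice on PHP 7) into the page. That message is the path disclosure.
function vulnerable_tree_query(): string
{
    return "SELECT id, parent FROM {$db_prefix}tree ORDER BY id";
}

// index.php-style handler that concatenates the raw view parameter into SQL.
// view=7' breaks the query, and the database error (query text, path) is echoed.
// view[]=7 arrives as an array and triggers "Array to string conversion in <path>".
function vulnerable_view_query($view): string
{
    return "SELECT id, title FROM jb_views WHERE id = " . $view;
}

echo "--- vulnerable ---\n";
echo vulnerable_tree_query(), "\n";        // warning names this script's own path
echo vulnerable_view_query("7'"), "\n";    // ... WHERE id = 7'   (broken SQL)
echo vulnerable_view_query(['7']), "\n";   // warning, then ... WHERE id = Array

/* ---------------- Hardened form ---------------- */

// 1. Diagnostics never reach the client; they go to the error log.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// 2. Include-only files open with an entry guard. A direct request gets a 404
//    before any code that could emit a warning runs. In the real application
//    only the entry point (index.php) would define JETBOX_ENTRY.
define('JETBOX_ENTRY', true);
function guard_include_only(): void
{
    if (!defined('JETBOX_ENTRY')) {
        http_response_code(404);
        exit;
    }
}

// 3. Parameters are validated: arrays rejected, integer form required, value bound.
function safe_view_id($raw): ?int
{
    if (is_array($raw)) {                                  // id[]=7 / view[]=7
        return null;
    }
    if (!is_string($raw) || !preg_match('/^[1-9][0-9]{0,9}$/', $raw)) {
        return null;                                       // view=7' and other junk
    }
    return (int) $raw;
}

function hardened_view_query($raw): array
{
    $id = safe_view_id($raw);
    if ($id === null) {
        return ['status' => 400, 'sql' => null, 'params' => []];
    }
    // Placeholder query for a prepared statement; $id travels as a bound parameter.
    return ['status' => 200, 'sql' => 'SELECT id, title FROM jb_views WHERE id = ?', 'params' => [$id]];
}

echo "--- hardened ---\n";
guard_include_only();
foreach (['7', "7'", ['7']] as $input) {
    $r = hardened_view_query($input);
    printf("%-10s -> %d %s\n",
        is_array($input) ? 'view[]=7' : "view=$input",
        $r['status'],
        $r['sql'] ?? 'rejected');
}
```

Running the script on the command line shows the vulnerable section printing PHP warnings that contain the script's absolute path, while the hardened section answers the malformed and array inputs with a 400 and no diagnostic text.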


Related Identifiers: CVE-2007-2684

Affected Products: Jetbox Cms