Detections
Analytics

CVE-2006-3584

high

Description

Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters, which are evaluated as PHP variable variables.

References

http://www.securityfocus.com/bid/19303

http://www.securityfocus.com/archive/1/441980/100/0/threaded

http://securityreason.com/securityalert/1339

http://secunia.com/secunia_research/2006-57/advisory/

http://secunia.com/advisories/20889

Details

Source: Mitre, NVD

Published: 2006-08-08

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High

EPSS

EPSS: 0.00721