CVE-2007-2684

CVE Database · CVE-2007-2684

CVE-2007-2684

· N/AModified

CVSS v3.1

N/A

EPSS

1.61%

Published

May 21, 2007

Modified

Apr 22, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Jetbox CMS 2.1 allows remote attackers to obtain sensitive information via (1) a direct request to (a) main_page.php, (b) open_tree.php, and (c) outputs.php; (2) a malformed view parameter to index.php, as demonstrated with an SQL injection manipulation; or (3) the id[] parameter to admin/cms/opentree.php, which reveals the installation path in the resulting error message.

Affected Products (1)

jetbox · jetbox_cmsvulnerable

References (18)

http://marc.info/?l=full-disclosure&m=117974375029054&w=2

ExploitVendor Advisory

http://osvdb.org/34787

http://osvdb.org/34788

http://osvdb.org/34789

http://osvdb.org/34790

http://www.netvigilance.com/advisory0027

ExploitVendor Advisory

http://www.osvdb.org/34783

http://www.securityfocus.com/archive/1/469222/100/0/threaded

https://exchange.xforce.ibmcloud.com/vulnerabilities/34385

http://marc.info/?l=full-disclosure&m=117974375029054&w=2

KEV Catalog EPSS Scores Vendors All CVEs