This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.
Jetbox CMS 2.1 allows remote attackers to obtain sensitive information via (1) a direct request to (a) main_page.php, (b) open_tree.php, and (c) outputs.php; (2) a malformed view parameter to index.php, as demonstrated with an SQL injection manipulation; or (3) the id parameter to admin/cms/opentree.php, which reveals the installation path in the resulting error message.
CVSS 3.x Severity and Metrics:
NVD score not yet provided.
CVSS 2.0 Severity and Metrics: