Lucene search
Tim BrownEDB-ID:30171HistoryJun 11, 2007 - 12:00 a.m.
JFFNms 0.8.3 - 'auth.php' Multiple SQL Injections
2007-06-1100:00:00
Tim Brown
www.exploit-db.com
21
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/24414/info
Just For Fun Network Management and Monitoring System (JFFNMS) is prone to multiple remote vulnerabilities, including a cross-site scripting issue, an SQL-injection issue, and multiple information-disclosure issues.
An attacker can exploit these issues by manipulating the SQL query logic to carry out unauthorized actions on the underlying database, access sensitive information, and obtain cookie-based authentication credentials.
These issues affect versions prior to JFFNMS 0.8.4-pre3.
http://www.example.com/auth.php?user='%20union%20select%202,'admin','$1$RxS1ROtX$IzA1S3fcCfyVfA9rwKBMi.','Administrator'/*&pass=Related
nvd
nvd
CVE-2007-3190
2007-06-12 23:30:00
CVE-2007-3204
2007-06-12 23:30:00
prion
prion
Sql injection
2007-06-12 23:30:00
Sql injection
2007-06-12 23:30:00
ubuntucve
ubuntucve
CVE-2007-3190
2007-06-12 00:00:00
CVE-2007-3204
2007-06-12 00:00:00
cvelist
cvelist
CVE-2007-3190
2007-06-12 23:00:00
CVE-2007-3204
2007-06-12 23:00:00
cve
cve
CVE-2007-3190
2007-06-12 23:30:00
CVE-2007-3204
2007-06-12 23:30:00
nessus
nessus
JFFNMS auth.php Multiple Parameter SQL Injection
2007-06-12 00:00:00
Debian DSA-1374-1 : jffnms - several vulnerabilities
2007-09-14 00:00:00
debian
debian
[SECURITY] [DSA 1374-1] New jffnms packages fix several vulnerabilities
2007-09-11 18:57:54
osv
osv
jffnms - several vulnerabilities
2007-09-11 00:00:00
openvas
openvas
Debian Security Advisory DSA 1374-1 (jffnms)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1374-1)
2008-01-17 00:00:00