9 lines
No EOL
675 B
Text
9 lines
No EOL
675 B
Text
source: https://www.securityfocus.com/bid/24414/info
|
|
|
|
Just For Fun Network Management and Monitoring System (JFFNMS) is prone to multiple remote vulnerabilities, including a cross-site scripting issue, an SQL-injection issue, and multiple information-disclosure issues.
|
|
|
|
An attacker can exploit these issues by manipulating the SQL query logic to carry out unauthorized actions on the underlying database, access sensitive information, and obtain cookie-based authentication credentials.
|
|
|
|
These issues affect versions prior to JFFNMS 0.8.4-pre3.
|
|
|
|
http://www.example.com/auth.php?user='%20union%20select%202,'admin','$1$RxS1ROtX$IzA1S3fcCfyVfA9rwKBMi.','Administrator'/*&pass= |