Vendor: JFFNMS
By: Unknown
CVSS: 7.5 (HIGH)
Type: Cross-Site Scripting, SQL Injection, Information Disclosure
CWE: Unknown
Product Name: JFFNMS
Affected Version From: Prior to JFFNMS 0.8.4-pre3
Affected Version To: Unknown
Patch Exists: YES
Related CWE: Unknown
CPE: a:just_for_fun_network_management_and_monitoring_system:jffnms
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

Multiple Vulnerabilities in Just For Fun Network Management and Monitoring System (JFFNMS)

An attacker can exploit these vulnerabilities by manipulating the SQL query logic to carry out unauthorized actions on the underlying database, access sensitive information, and obtain cookie-based authentication credentials.

Mitigation:

Upgrade to JFFNMS 0.8.4-pre3 or a later version.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/24414/info

Just For Fun Network Management and Monitoring System (JFFNMS) is prone to multiple remote vulnerabilities, including a cross-site scripting issue, an SQL-injection issue, and multiple information-disclosure issues.

An attacker can exploit these issues by manipulating the SQL query logic to carry out unauthorized actions on the underlying database, access sensitive information, and obtain cookie-based authentication credentials.

These issues affect versions prior to JFFNMS 0.8.4-pre3. 

http://www.example.com/auth.php?user='%20union%20select%202,'admin','$1$RxS1ROtX$IzA1S3fcCfyVfA9rwKBMi.','Administrator'/*&pass=
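
A detection check for the request shape shown above, added here as an example (it is not part of the original advisory or of JFFNMS): it scans web access-log lines for requests to auth.php whose user parameter decodes to SQL syntax. The combined log format, the sample lines, and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-log-format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Indicators that a login name carries SQL syntax rather than a username.
SQLI_PATTERNS = [
    ("quote", re.compile(r"['\"]")),
    ("union-select", re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)),
    ("comment", re.compile(r"/\*|--|#")),
]

# Constructed sample log lines (addresses from the documentation range).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /auth.php?user=alice&pass=x HTTP/1.1" 200 512',
    '192.0.2.77 - - [01/Jan/2024:10:00:05 +0000] "GET /auth.php?user=%27%20union%20select%201,2/*&pass= HTTP/1.1" 200 734',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?user=%27 HTTP/1.1" 200 100',
]

def inspect_line(line, path="/auth.php", param="user"):
    """Return indicator names found in `param` of a request to `path`."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    target = urlsplit(m.group(1))
    if not target.path.endswith(path):
        return []
    hits = []
    # parse_qs percent-decodes values, so %27 and %20union%20 are matched decoded.
    for value in parse_qs(target.query, keep_blank_values=True).get(param, []):
        for name, rx in SQLI_PATTERNS:
            if rx.search(value) and name not in hits:
                hits.append(name)
    return hits

def scan(lines):
    """Return (line_number, indicators) for every suspicious line."""
    results = []
    for number, line in enumerate(lines, 1):
        hits = inspect_line(line)
        if hits:
            results.append((number, hits))
    return results

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious user parameter ({', '.join(hits)})")
```

This only sees credentials passed in the query string; requests that send them in a POST body do not appear in access logs and need application-level or WAF logging to inspect.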