CVE-2007-3190

Jffnms Just For Fun Network Management System - SQL Injection

Title source: rule
STIX 2.1

Description

Multiple SQL injection vulnerabilities in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Tim Brown · textwebappsphp
https://www.exploit-db.com/exploits/30171

References (6)

Core 6
Core References
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1374
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/471039/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26769
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/24414
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25587
Mailing List mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=118151087109711&w=2

Scores

EPSS 0.0100
EPSS Percentile 77.0%

Details

Status published
Products (1)
jffnms/just_for_fun_network_management_system 0.8.3
Published Jun 12, 2007
Tracked Since Feb 18, 2026