CVE-2007-3191

Just For Fun Network Management System <0.8.3 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3191. PoCs published by Tim Brown.

AI-analyzed exploit summary The provided text describes multiple vulnerabilities in JFFNMS, including SQL injection, XSS, and information disclosure, but does not contain actual exploit code. It references a test.php endpoint as an example of an affected path.

Description

Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Tim Brown · textwebappsphp

https://www.exploit-db.com/exploits/30173

View Code ZIP pw:eip

The provided text describes multiple vulnerabilities in JFFNMS, including SQL injection, XSS, and information disclosure, but does not contain actual exploit code. It references a test.php endpoint as an example of an affected path.

Classification

Writeup 90%

Attack Type

Sqli | Xss | Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: Just For Fun Network Management and Monitoring System (JFFNMS) versions prior to 0.8.4-pre3

No auth needed

Prerequisites: Network access to the target system · Vulnerable version of JFFNMS

MITRE ATT&CK