JFFNms 0.8.3 admin/adm/test.php PHP Information Disclosure

2007-06-11T00:00:00
ID EDB-ID:30173
Type exploitdb
Reporter Tim Brown
Modified 2007-06-11T00:00:00

Description

JFFNMS 0.8.3 admin/adm/test.php PHP Information Disclosure. CVE-2007-3191. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/24414/info
  
Just For Fun Network Management and Monitoring System (JFFNMS) is prone to multiple remote vulnerabilities, including a cross-site scripting issue, an SQL-injection issue, and multiple information-disclosure issues.
  
An attacker can exploit these issues by manipulating the SQL query logic to carry out unauthorized actions on the underlying database, access sensitive information, and obtain cookie-based authentication credentials.
  
These issues affect versions prior to JFFNMS 0.8.4-pre3. 

http://192.168.1.1/admin/adm/test.php