JIWA Financials 6.4.14 passes a Microsoft SQL Server account's username and password, and the name of a data source, to a Crystal Reports .rpt file, which allows remote authenticated users to execute certain standard stored procedures by referencing them in a user-written .rpt file, as demonstrated by using a stored procedure that provides the username and cleartext password of every account.
References
Configurations
History
No history.
Information
Published : 2006-06-01 01:02
Updated : 2024-02-04 16:52
NVD link : CVE-2006-2718
Mitre link : CVE-2006-2718
CVE.ORG link : CVE-2006-2718
JSON object : View
Products Affected
jiwa
- financials
CWE