CVE-2004-2067 Information

Description

SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 allows remote attackers to execute arbitrary SQL and bypass authentication via the (1) user (2) password or (3) crypted_password parameters.

Reference

http://marc.info/?l=bugtraq&m=109116345930380&w=2 http://securitytracker.com/id?1010815 http://www.jaws.com.mx/index.php?gadget=blog&action=single_view&id=10 http://www.osvdb.org/8320 http://www.securityfocus.com/bid/10826 https://exchange.xforce.ibmcloud.com/vulnerabilities/16847