CVE-2007-6091 Information

Description

Multiple SQL injection vulnerabilities in files/login.asp in JiRo’s Banner System (JBS) 2.0 and possibly JiRo’s Upload Manager (aka JiRo’s Upload System or JUS) allow remote attackers to execute arbitrary SQL commands via the (1) Username (aka Login or Email) or (2) Password field.

Reference

http://osvdb.org/38740 http://osvdb.org/38741 http://secunia.com/advisories/27713 http://securityreason.com/securityalert/3384 http://www.securityfocus.com/archive/1/483859/100/0/threaded http://www.securityfocus.com/bid/26479