Описание
JIWA Financials 6.4.14 passes a Microsoft SQL Server account's username and password, and the name of a data source, to a Crystal Reports .rpt file, which allows remote authenticated users to execute certain standard stored procedures by referencing them in a user-written .rpt file, as demonstrated by using a stored procedure that provides the username and cleartext password of every account.
Ссылки
- Exploit
- PatchVendor Advisory
- Exploit
- PatchVendor Advisory
Уязвимые конфигурации
EPSS
6.5 Medium
CVSS2
Дефекты
Связанные уязвимости
JIWA Financials 6.4.14 passes a Microsoft SQL Server account's username and password, and the name of a data source, to a Crystal Reports .rpt file, which allows remote authenticated users to execute certain standard stored procedures by referencing them in a user-written .rpt file, as demonstrated by using a stored procedure that provides the username and cleartext password of every account.
EPSS
6.5 Medium
CVSS2