Security Advisory

CVE-2006-2718

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2006-06-01 01:00:00

Last updated 2024-08-07 17:58:51

Assigner mitre

State PUBLISHED

Description

JIWA Financials 6.4.14 passes a Microsoft SQL Server accounts username and password, and the name of a data source, to a Crystal Reports .rpt file, which allows remote authenticated users to execute certain standard stored procedures by referencing them in a user-written .rpt file, as demonstrated by using a stored procedure that provides the username and cleartext password of every account.

← Browse all CVEs View on cve.org ↗