Jportal · Jportal Web Portal · CVE-2005-1071
**Name of the Vulnerable Software and Affected Versions**
JPortal Web Portal version 2.3.1
**Description**
A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `haslo` parameter in the banner.inc.php file.
**Recommendations**
For JPortal Web Portal version 2.3.1, consider restricting access to the `haslo` parameter in the banner.inc.php file until a patch is available.