CVE-2007-3190

Name of the Vulnerable Software and Affected Versions: Just For Fun Network Management System (JFFNMS) version 0.8.3

Description: The issue concerns multiple SQL injection vulnerabilities in the auth.php file of JFFNMS. When magic quotes gpc is disabled, remote attackers can execute arbitrary SQL commands via the user and pass parameters. This could potentially lead to a breach of confidentiality and integrity of protected information. The exploitation of these vulnerabilities can be done remotely.

Recommendations: For JFFNMS version 0.8.3, consider disabling the auth.php file or restricting access to it until a patch is available. As a temporary workaround, enable magic quotes gpc to prevent SQL injection attacks. Avoid using the user and pass parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.