Unrated severityNVD Advisory· Published Jun 1, 2006· Updated Jun 16, 2026
CVE-2006-2718
CVE-2006-2718
Description
JIWA Financials 6.4.14 passes a Microsoft SQL Server account's username and password, and the name of a data source, to a Crystal Reports .rpt file, which allows remote authenticated users to execute certain standard stored procedures by referencing them in a user-written .rpt file, as demonstrated by using a stored procedure that provides the username and cleartext password of every account.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:jiwa:financials:6.4.14:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:jiwa:financials:6.4.14:*:*:*:*:*:*:*
- (no CPE)range: = 6.4.14
Patches
Vulnerability mechanics
References
7- secunia.com/advisories/20342nvdPatchVendor Advisory
- lists.grok.org.uk/pipermail/full-disclosure/2006-May/046398.htmlnvdExploit
- securityreason.com/securityalert/1000nvd
- securitytracker.com/idnvd
- www.securityfocus.com/archive/1/435352/100/0/threadednvd
- www.securityfocus.com/archive/1/435730/100/0/threadednvd
- exchange.xforce.ibmcloud.com/vulnerabilities/26756nvd
News mentions
0No linked articles in our index yet.