Vulnerabilities > Nexusjnr
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-03-02 | CVE-2008-6391 | SQL Injection vulnerability in Nexusjnr Jbook SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the username (user parameter). | 7.5 |
| 2009-03-02 | CVE-2008-6376 | SQL Injection vulnerability in Nexusjnr Jbook SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the password (pass parameter). | 7.5 |
| 2009-03-02 | CVE-2008-6375 | Permissions, Privileges, and Access Controls vulnerability in Nexusjnr Jbook JBook stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to userids.mdb. | 5.0 |