2010-02-11 18:30:01 2018-10-10 21:53:08

evalSMSI 2.1.03 stores passwords in cleartext in the database, which allows attackers with database access to gain privileges. NOTE: remote attack vectors are possible by leveraging a separate SQL injection vulnerability.