Jaws 0.4 Security fix
JAWS 0.4 has a security bug in gadgets/controlpanel.php that allows logging in to the JAWS Control Panel through SQL injection in the login query.
Example:
If you change the function crypt_form in your templates/controlpanel/login.html like this:
    function crypt_form(form) {
        var new_password = calcMD5(form.password.value);
        form.crypted_password.value = "' or '2'='2";
        form.password.value = "";
        return true;
    }
To fix this issue, please replace your gadgets/controlpanel.php with this:
http://jaws.com.mx/data/files/controlpanel.php.txt
Thanks to Fernando Quintero for reporting it.
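The class of bug described above, shown as an added example that is not JAWS code: a login query built by string concatenation accepts the crypted_password value from the modified form, while a parameter-bound query with a format check rejects it. The table layout, column names, query shape and function names are assumptions, since the page does not show the contents of gadgets/controlpanel.php.

```python
import hmac
import re
import sqlite3

# The form sends an MD5 hex digest, so anything else is rejected up front.
MD5_HEX = re.compile(r"[0-9a-f]{32}")


def make_db():
    """Constructed in-memory schema and sample row (assumed, not the JAWS schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, passwd TEXT)")
    db.execute(
        "INSERT INTO users VALUES ('admin', '5f4dcc3b5aa765d61d8327deb882cf99')"
    )
    return db


def login_concat(db, username, crypted_password):
    """Vulnerable pattern: client-supplied fields are pasted into the SQL text."""
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND passwd = '" + crypted_password + "'"
    )
    # With the value from the page the WHERE clause becomes
    #   (username = 'admin' AND passwd = '') OR ('2' = '2')
    # which is true for every row.
    return db.execute(sql).fetchone() is not None


def login_bound(db, username, crypted_password):
    """Hardened pattern: validate the digest format and bind values as parameters."""
    if not MD5_HEX.fullmatch(crypted_password):
        return False
    row = db.execute(
        "SELECT passwd FROM users WHERE username = ?", (username,)
    ).fetchone()
    # Constant-time comparison of the stored and submitted digests.
    return row is not None and hmac.compare_digest(row[0], crypted_password)


if __name__ == "__main__":
    db = make_db()
    crafted = "' or '2'='2"  # the crypted_password value shown in the advisory
    print("concatenated query accepts crafted value:", login_concat(db, "admin", crafted))
    print("bound query accepts crafted value:", login_bound(db, "admin", crafted))
```

Because the hash is computed in the browser, the server receives crypted_password as ordinary untrusted input, which is why the check has to happen server-side.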
ion | General | July 19, 11:16am