CVE-2005-2461

Name of the Vulnerable Software and Affected Versions Kayako liveResponse versions 2.x

Description The issue concerns SQL injection vulnerabilities in the calendar feature. These vulnerabilities allow remote attackers to execute arbitrary SQL commands by manipulating the year or date parameters.

Recommendations For Kayako liveResponse versions 2.x, consider restricting access to the calendar feature until a patch is available. As a temporary workaround, avoid using the year and date parameters in the affected API endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.