PT-2005-4665 · Central Manchester Clc · Central Manchester Clc Helpdesk Issue Manager

Publicado

2005-11-30

Atualizado

2011-03-08

CVE-2005-3925

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Central Manchester CLC Helpdesk Issue Manager versions 0.9 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This is possible via the detail[], orderdir, and orderby parameters to "find.php", and the id parameter to "issue.php".

Recommendations For Central Manchester CLC Helpdesk Issue Manager versions 0.9 and earlier, consider restricting access to the vulnerable parameters detail[], orderdir, orderby, and id in the affected API endpoints "find.php" and "issue.php" until a patch is available.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2005-3925

Produtos afetados

Central Manchester Clc Helpdesk Issue Manager

PT-2005-4665 · Central Manchester Clc · Central Manchester Clc Helpdesk Issue Manager

CVE-2005-3925

Identificadores relacionados

Produtos afetados

Referências · 9