PT-2009-5004 · Zen · Zen Help Desk

Tiger-Dz · Published 2009-07-27 · Updated 2017-09-19 · CVE-2009-2604

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Zen Help Desk version 2.1

Description

The issue concerns SQL injection vulnerabilities in the adminlogin.asp file. Remote attackers can execute arbitrary SQL commands by manipulating the userid (also known as username) and PassWord parameters in the admin.asp file.

Recommendations

For Zen Help Desk version 2.1, consider restricting access to the adminlogin.asp file and avoid using the userid and PassWord parameters in the admin.asp file until a fix is available. As a temporary workaround, restrict the input for these parameters to minimize the risk of SQL injection attacks.

Exploit

Fix

SQL injection

Weakness Enumeration

Related identifiers

CVE-2009-2604

Affected products

Zen Help Desk