CVE-2009-4548

Name of the Vulnerable Software and Affected Versions ViArt Helpdesk versions 3.x

Description The issue allows remote attackers to inject arbitrary web script or HTML via specific parameters to various PHP files. This can be achieved by manipulating the category id parameter in files such as "products.php", "article.php", "product details.php", or "reviews.php", the forum id parameter in "forum.php", or the search category id parameter in "products search.php".

Recommendations For ViArt Helpdesk version 3.x, as a temporary workaround, consider restricting access to the vulnerable parameters category id, forum id, and search category id in the respective PHP files until a patch is available. Avoid using these parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.