Kayako · Kayako Esupport · CVE-2010-2912
**Name of the Vulnerable Software and Affected Versions**
Kayako eSupport version 3.70.02
**Description**
This SQL injection issue allows remote attackers to execute arbitrary SQL commands through the `_a` parameter in a `downloads` action to the `index.php` file.
**Recommendations**
For Kayako eSupport version 3.70.02, consider restricting access to the `index.php` file until a patch is available, and avoid using the `_a` parameter in the `downloads` action to minimize the risk of exploitation.