CVE-2002-0931

Name of the Vulnerable Software and Affected Versions: MyHelpDesk version 20020509

Description: The issue allows remote attackers to execute script as other users. This can be achieved via a Title or Description when a new ticket is created by a support assistant. The "id" parameter to the index.php script is also vulnerable, specifically with the tickettime, ticketfiles, or updateticketlog operations. Additionally, the update section when a ticket is edited is affected.

Recommendations: For MyHelpDesk version 20020509, consider disabling the ability to create new tickets or edit existing ones until a fix is available. Restrict access to the index.php script to minimize the risk of exploitation. Avoid using the id parameter in the index.php script until the issue is resolved. As a temporary workaround, limit the functionality of the update section when a ticket is edited.