PT-2003-1510 · One||Zero · One/Zero Helpdesk

Frog Man

Published

2003-05-17

Updated

2016-10-18

CVE-2003-0303

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: one||zero (aka One or Zero) Helpdesk version 1.4 rc4

Description: The issue allows remote attackers to modify arbitrary ticket number descriptions. This is achieved via the sg parameter in a SQL injection attack.

Recommendations: For one||zero (aka One or Zero) Helpdesk version 1.4 rc4, consider restricting access to the sg parameter to minimize the risk of exploitation until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2003-0303

Affected Products

One/Zero Helpdesk

PT-2003-1510 · One||Zero · One/Zero Helpdesk

CVE-2003-0303

Related Identifiers

Affected Products

References · 5