CVE-2005-1839

Name of the Vulnerable Software and Affected Versions Liberum Help Desk version 0.97.3

Description The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This can be achieved through the id parameter to API endpoints such as "view.asp", "print.asp", or the edit parameter to "register.asp".

Recommendations For version 0.97.3, consider restricting access to the "view.asp", "print.asp", and "register.asp" API endpoints until a patch is available. As a temporary workaround, avoid using the id and edit parameters in these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.