Vendor: HelpBox
By: Unknown
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: HelpBox
Affected Version From: 3.0.1
Affected Version To: 3.0.1
Patch Exists: NO
Platforms Tested: Unknown
Unknown

HelpBox Multiple SQL Injection Vulnerabilities

HelpBox is susceptible to multiple SQL injection vulnerabilities due to improper sanitization of user-supplied data. These vulnerabilities can be exploited by passing malicious SQL statements to certain scripts. Some scripts require administrative privileges to HelpBox, and one script allows exporting any table in the SQL server. Exploiting these vulnerabilities may result in unauthorized access to sensitive information, corruption of database data, or exploitation of latent vulnerabilities in the underlying database implementation.

Mitigation:

The vendor has not provided any specific mitigation or remediation for these vulnerabilities.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10776/info

It is reported that HelpBox is susceptible to multiple SQL injection vulnerabilities. This issue is due to improper sanitization of user-supplied data. 

These problems present themselves when malicious SQL statements are passed to certain scripts.

Some scripts require administrative privileges to HelpBox. One script reportedly allows exporting any table in the SQL server.

These issues may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.

HelpBox version 3.0.1 is reported vulnerable to these issues.

http://www.example.com/laytonhelpdesk/editcommentenduser.asp?sys_comment_id=1'
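
With no vendor fix listed, one defensive check is to flag requests to editcommentenduser.asp whose sys_comment_id is not purely numeric, as in the request above. The Python below is an added example, not part of the original advisory or of HelpBox; it assumes sys_comment_id is an integer identifier, and the sample request targets (including the script name other.asp) are constructed.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumption: sys_comment_id is an integer record identifier, so any
# non-digit value is out of specification for this script.
WATCHED_PARAM = "sys_comment_id"
WATCHED_SCRIPT = "editcommentenduser.asp"


def non_numeric_ids(request_targets):
    """Return (target, value) pairs where the watched parameter is not all digits."""
    findings = []
    for target in request_targets:
        parts = urlsplit(target)
        # ASP script and parameter names are case-insensitive, so compare lowercased.
        if not parts.path.lower().endswith("/" + WATCHED_SCRIPT):
            continue
        # parse_qsl percent-decodes, so %27 and a literal quote are treated alike.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if name.lower() != WATCHED_PARAM:
                continue
            if not (value.isascii() and value.isdigit()):
                findings.append((target, value))
    return findings


# Constructed request targets (not real traffic); other.asp is a made-up name.
SAMPLE_TARGETS = [
    "/laytonhelpdesk/editcommentenduser.asp?sys_comment_id=1",
    "/laytonhelpdesk/editcommentenduser.asp?sys_comment_id=1'",
    "/laytonhelpdesk/editcommentenduser.asp?SYS_COMMENT_ID=1%27",
    "/laytonhelpdesk/editcommentenduser.asp?sys_comment_id=",
    "/laytonhelpdesk/other.asp?sys_comment_id=1'",
]

if __name__ == "__main__":
    for target, value in non_numeric_ids(SAMPLE_TARGETS):
        print(f"non-numeric {WATCHED_PARAM}={value!r} in {target}")
```

The same strict-digits rule can be enforced in front of the application as a request filter until the script itself validates the parameter and uses parameterized queries.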