header-logo
Suggest Exploit
vendor:
Helpdesk Issue Manager
by:
Unknown
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Helpdesk Issue Manager
Affected Version From: 0.9
Affected Version To: 0.9
Patch Exists: NO
Related CWE:
CPE: a:helpdesk_issue_manager:helpdesk_issue_manager:0.9
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

Multiple SQL Injection Vulnerabilities in Helpdesk Issue Manager

The Helpdesk Issue Manager is prone to multiple SQL injection vulnerabilities. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

Mitigation:

To mitigate these vulnerabilities, it is recommended to apply the latest security patches or updates provided by the vendor. Additionally, input validation and sanitization techniques should be implemented to prevent SQL injection attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15604/info
 
Helpdesk Issue Manager is prone to multiple SQL injection vulnerabilities.
 
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
 
Helpdesk Issue Manager 0.9 and prior versions are reportedly affected. 

http://www.example.com/find.php?act=action&reset=yes&detail%5B%5D=[SQL]
http://www.example.com/find.php?page=0&act=action&orderby=sortorder&orderdir=[SQL]
http://www.example.com/find.php?page=0&act=action&orderby=[SQL]