CVE-2002-0932

Sažetak

SQL injection vulnerability in index.php for MyHelpDesk 20020509, and possibly other versions, allows remote attackers to conduct unauthorized activities via SQL code in the "id" parameter for the operations (1) detailticket, (2) editticket, or (3) updateticketlog.

Reference

http://archives.neohapsis.com/archives/bugtraq/2002-06/0057.html
http://www.iss.net/security_center/static/9321.php
http://www.securityfocus.com/bid/4971

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

05-09-2008 - 20:29

Objavljeno

04-10-2002 - 04:00