7 lines
No EOL
426 B
Text
Executable file
7 lines
No EOL
426 B
Text
Executable file
source: http://www.securityfocus.com/bid/4971/info
|
|
|
|
It is reported that MyHelpDesk (version 20020509 and earlier) are vulnerable to SQL injection attacks.
|
|
|
|
Data supplied by the remote user, via CGI parameters, is used directly as part of SQL statements. As input sanitization is not properly performed, it is possible to modify the logic of a SQL query.
|
|
|
|
http://[TARGET]/supporter/index.php?t=detailticket&id=root%20me |