9 lines
No EOL
880 B
Text
9 lines
No EOL
880 B
Text
source: http://www.securityfocus.com/bid/8856/info
|
|
|
|
It has been reported that DeskPro is prone to multiple SQL injection vulnerabilities due to insufficient sanitization of user-supplied input. The problem is reported to be present in various parameters such as cat, article, and ticketid of the faq.php and view.php modules. This issue may allow a remote attacker to influence SQL query logic in order to compromise the DeskPro application or view/modify sensitive information. The consequences of exploitation may vary depending on the underlying database implementation.
|
|
|
|
DeskPro version 1.1.0 and prior have been reported to be prone to this issue, however other versions may also be affected.
|
|
|
|
http://www.example.com/deskpro_v1/faq.php?cat=45'
|
|
http://www.example.com/deskpro_v1/faq.php?article=105'
|
|
http://www.example.com/deskpro_v1/view.php?ticketid=1'&ticket_pass= |