7 lines
No EOL
425 B
Text
7 lines
No EOL
425 B
Text
source: http://www.securityfocus.com/bid/4971/info
|
|
|
|
It is reported that MyHelpDesk (version 20020509 and earlier) are vulnerable to SQL injection attacks.
|
|
|
|
Data supplied by the remote user, via CGI parameters, is used directly as part of SQL statements. As input sanitization is not properly performed, it is possible to modify the logic of a SQL query.
|
|
|
|
http://[TARGET]/supporter/index.php?t=detailticket&id=root%20me |