- Description
- SQL injection vulnerability in index.php for MyHelpDesk 20020509, and possibly other versions, allows remote attackers to conduct unauthorized activities via SQL code in the "id" parameter for the operations (1) detailticket, (2) editticket, or (3) updateticketlog.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 2.0
- Type
- Primary
- Base score
- 6.4
- Impact score
- 4.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:luis_bernardo:myhelpdesk:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0DE9BDC6-3D87-4820-BFB9-1B1F1562FD44",
"versionEndIncluding": "2002-05-09"
}
],
"operator": "OR"
}
]
}
]