| VID |
210073 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Help Center Live is vulnerable to multiple SQL injection vulnerabilities in the 'osTicket' module. Help Center Live is a 'Live' help desk system written in PHP using a MySql database backend that features Live Support, Trouble Tickets and FAQ within one project. Help Center Live version 2.1.0 and earlier versions are vulnerable to multiple SQL injection vulnerabilities in the 'osTicket' module. These vulnerabilities could permit a remote attacker to pass malicious input to database queries, potentially resulting in data exposure, modification of the query logic, or even data modification or attacks against the database itself.
* References:
http://sourceforge.net/project/shownotes.php?release_id=411859
http://www.frsirt.com/english/advisories/2006/1492
http://secunia.com/advisories/19776
* Platforms Affected:
Help Center Live version 2.1.0 and earlier versions
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Help Center Live (2.1.0 or later), available from the Help Center Live Web site at http://www.helpcenterlive.com/ |
| Related URL |
CVE-2006-2039 (CVE) |
| Related URL |
17676 (SecurityFocus) |
| Related URL |
26040 (ISS) |
|
