| VID |
21809 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The PerlDesk program is vulnerable to multiple SQL injection vulnerabilities via the view parameter. PerlDesk is a Web-based help desk and email management program written in perl. PerlDesk version 1.x could allow a remote attacker to execute arbitrary SQL commands, caused by improper filtering of input passed to the view parameter of multiple scripts. These vulnerabilities could permit a remote attacker to pass malicious input to database queries, potentially resulting in data exposure, modification of the query logic, or even data modification or attacks against the database itself.
* References:
http://archives.neohapsis.com/archives/bugtraq/2005-02/0022.html
* Platforms Affected:
LogicNow, PerlDesk 1.x
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of PerlDesk (2.x or later), available from the PerlDesk Web site at http://www.perldesk.com/ |
| Related URL |
CVE-2005-0343 (CVE) |
| Related URL |
12471 (SecurityFocus) |
| Related URL |
19245 (ISS) |
|
