Multiple SQL injection vulnerabilities in Central Manchester CLC Helpdesk Issue Manager 0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) detail[], (2) orderdir, and (3) orderby parameters to find.php, and the (4) id parameter to issue.php.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| helpdesk_issue_manager | helpdesk_issue_manager | 0.2 |
| helpdesk_issue_manager | helpdesk_issue_manager | 0.1 |
| helpdesk_issue_manager | helpdesk_issue_manager | 0.9 |
| helpdesk_issue_manager | helpdesk_issue_manager | 0.6 |
| helpdesk_issue_manager | helpdesk_issue_manager | 0.7 |
| helpdesk_issue_manager | helpdesk_issue_manager | 0.8 |
| helpdesk_issue_manager | helpdesk_issue_manager | 0.3 |
| helpdesk_issue_manager | helpdesk_issue_manager | 0.4 |
| helpdesk_issue_manager | helpdesk_issue_manager | 0.5 |