CVE-2004-1413 - Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow remote attackers to execute arbi

CVE-2004-1413

Summary

Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow remote attackers to execute arbitrary SQL commands via the (1) subcat, (2) rate, (3) questiondetails, (4) ticketkey22, (5) email22 parameters to index.php, or (6) the e-mail field of the Forgot Key feature.

References

Vulnerable Configurations

cpe:2.3:a:kayako:esupport:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:kayako:esupport:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:kayako:esupport:2.1.8:*:*:*:*:*:*:*
cpe:2.3:a:kayako:esupport:2.1.8:*:*:*:*:*:*:*
cpe:2.3:a:kayako:esupport:2.2:*:*:*:*:*:*:*
cpe:2.3:a:kayako:esupport:2.2:*:*:*:*:*:*:*
cpe:2.3:a:kayako:esupport:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:kayako:esupport:2.2.5:*:*:*:*:*:*:*
cpe:2.3:a:kayako:esupport:2.3:*:*:*:*:*:*:*
cpe:2.3:a:kayako:esupport:2.3:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 11-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

refmap via4

bid	12037
bugtraq	20041218 Multiple Vulnerabilities In Kayako eSupport v2.x
misc	http://www.gulftech.org/?node=research&article_id=00056-12182004
xf	kayako-sql-injection(18572)

Last major update

11-07-2017 - 01:31

Published

31-12-2004 - 05:00

Last modified

11-07-2017 - 01:31