ID CVE-2005-2461
Summary Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) date parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:kayako:liveresponse:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:kayako:liveresponse:2.0:*:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 18-10-2016 - 03:27)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:N
refmap via4
bid 14425
bugtraq 20050730 Kayako liveResponse Multiple Vulnerabilities
misc http://www.gulftech.org/?node=research&article_id=00092-07302005
osvdb 18396
secunia 16286
Last major update 18-10-2016 - 03:27
Published 31-12-2005 - 05:00
Last modified 18-10-2016 - 03:27
Back to Top