Lucene search

[email protected]CVE-2004-1413

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-1413

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-1413

sql injection

kayako esupport 2.x

security vulnerability

8.9 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

68.3%

JSON

Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow remote attackers to execute arbitrary SQL commands via the (1) subcat, (2) rate, (3) questiondetails, (4) ticketkey22, (5) email22 parameters to index.php, or (6) the e-mail field of the Forgot Key feature.

CPENameOperatorVersion
kayako:esupportkayako esupporteq2.1.8
kayako:esupportkayako esupporteq2.2
kayako:esupportkayako esupporteq2.3
kayako:esupportkayako esupporteq2.1.2
kayako:esupportkayako esupporteq2.2.5

CPE	Name	Operator	Version
kayako:esupport	kayako esupport	eq	2.1.8
kayako:esupport	kayako esupport	eq	2.2
kayako:esupport	kayako esupport	eq	2.3
kayako:esupport	kayako esupport	eq	2.1.2
kayako:esupport	kayako esupport	eq	2.2.5

References

marc.info/?l=bugtraq&m=110352428607171&w=2

www.gulftech.org/?node=research&article_id=00056-12182004

www.securityfocus.com/bid/12037

exchange.xforce.ibmcloud.com/vulnerabilities/18572

8.9 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

68.3%

JSON

Related for CVE-2004-1413

cvelist1 openvas1