Lucene search
HistoryDec 12, 2012 - 11:38 a.m.
CVE-2012-4975
cve-2012-4975
layton helpbox 4.4.0
remote authenticated users
support-ticket data
sys_request_id parameter
6.5 Medium
AI Score
Confidence
Low
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
44.7%
editrequestuser.asp in Layton Helpbox 4.4.0 allows remote authenticated users to change arbitrary support-ticket data via a modified sys_request_id parameter.
| CPE | Name | Operator | Version |
|---|---|---|---|
| layton_technology:helpbox | layton technology helpbox | eq | 4.4.0 |
Related
prion
prion
Design/Logic Flaw
2012-12-12 11:38:00
cvelist
cvelist
CVE-2012-4975
2012-12-12 11:00:00
packetstorm
packetstorm
Layton Helpbox 4.4.0 Authorization Bypass
2012-10-26 00:00:00
securityvulns
securityvulns
Layton Helpbox 4.4.0 Multiple Security Issues
2012-10-29 00:00:00
6.5 Medium
AI Score
Confidence
Low
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
44.7%
Related for CVE-2012-4975