Layton Technology HelpBox 3.0.1 - Multiple SQL Injections
source: https://www.securityfocus.com/bid/10776/info It is reported that HelpBox is susceptible to multiple SQL injection vulnerabilities. This issue is due to improper sanitization of user-supplied data. These problems present themselves when malicious SQL statements are passed to certain scripts. Some scripts require administrative privileges to HelpBox. One script reportedly allows exporting any table in the SQL server. These issues may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation. HelpBox version 3.0.1 is reported vulnerable to these issues. http://www.example.com/laytonhelpdesk/editcommentenduser.asp?sys_comment_id=1'