SQL injection vulnerability in staff/index.php in Kayako SupportSuite 3.20.02 and earlier allows remote authenticated users to execute arbitrary SQL commands via the customfieldlinkid parameter in a delcflink action.
CPE | Name | Operator | Version |
---|---|---|---|
supportsuite | eq | 3.10.00 | |
supportsuite | eq | 3.11.01 | |
supportsuite | le | 3.20.02 | |
supportsuite | eq | 3.11.00 | |
supportsuite | eq | 3.10.02 |