ServiceTonic Helpdesk Software SQL注入漏洞

ServiceTonic, an ITIL-compliant service desk and enterprise services software, has a SQL injection vulnerability in the login form in versions prior to ServiceTonic 9.0.35937. An attacker could exploit the vulnerability to steal information via a specially crafted, HQL-compatible, time-series SQL...