Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2 matches found

seebug.org
seebug.orgadded 2006/12/10 12:0 a.m.69 views

LeighBusinessEnterprisesWebHelpDeskSQL注入漏洞

LBE Web Helpdesk是一款可通过WEB浏览器进行操作的Helpdesk系统。LBE Web Helpdesk不正确过滤用户提交的数据,远程攻击者可以利用这个漏洞进行SQL注入攻击,可能获得敏感数据或修改数据库。问题存在于jobedit.asp脚本对用户提交给'id'参数缺少过滤,提交包含恶意SQL命令的数据作为'id'参数,可修改'users'表,增加操作员相等权限的新用户。 Leigh Business Enterprises Web HelpDesk 4.0.0.80 临时解决方法:如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁: 在$nick...

7.1AI score
Exploits0
Positive Technologies
Positive Technologiesadded 2004/12/31 12:0 a.m.2 views

PT-2004-3453 · Lbe · Lbe Web Helpdesk

Name of the Vulnerable Software and Affected Versions: LBE Web Helpdesk versions prior to 4.0.0.81 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the id parameter in the jobedit.asp file. Recommendations: For versions prior to 4.0.0.81, upda...

7.5CVSS7.8AI score0.01452EPSS
Exploits1References8
Rows per page
Query Builder