CVE-2005-4427

EPSS 3.2%

Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) the $addy variable in email_parser.php, (3) $address variable in email_parser.php, (4) $a_address variable in structs.php, (5) kbid parameter to cer_KnowledgebaseHandler.class.php, (6) queues[] parameter to addresses_export.php, (7) $thread variable to display.php, (8) ticket parameter to display_ticket_thread.php.

Affected products

n/a · n/a

public PoCs found — 3

exploitdbwww.exploit-db.com/exploits/26974unverified exploitdbwww.exploit-db.com/exploits/26973unverified exploitdbwww.exploit-db.com/exploits/26975unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://forum.cerberusweb.com/showthread.php?s=&postid=30315 http://marc.info/?l=full-disclosure&m=113500878630130&w=2 http://secunia.com/advisories/18112 https://exchange.xforce.ibmcloud.com/vulnerabilities/23836 http://www.osvdb.org/21988 http://www.osvdb.org/21990 http://www.osvdb.org/21991 http://www.osvdb.org/21992 http://www.osvdb.org/21993 http://www.osvdb.org/21994 http://www.osvdb.org/21995 http://www.securityfocus.com/archive/1/420271/100/0/threaded