Multiple SQL Injection Vulnerabilities in Cerberus Helpdesk by Cerberus Design, Inc.
CVE-2005-4427

Currently unrated

Key Information:

Vendor: Cerberus
Status: Cerberus Helpdesk
Vendor: CVE Published:; 20 December 2005

What is CVE-2005-4427?

Cerberus Helpdesk has several SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands, which could potentially compromise the database. Attackers can exploit specific parameters in various PHP files, including 'file_id' in attachment_send.php, 'addy' in email_parser.php, and 'kbid' in cer_KnowledgebaseHandler.class.php. These exploits may lead to unauthorized access to sensitive information and manipulation of the database.

References

http://www.osvdb.org/21991

vdb-entryx_refsource_OSVDB

http://www.osvdb.org/21993

vdb-entryx_refsource_OSVDB

http://marc.info/?l=full-disclosure&m=113500878630130&w=2

mailing-listx_refsource_FULLDISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 20, 2005
Vulnerability Reserved
Dec 20, 2005

CVE-2005-4427 Data

JSON