SQL Injection Vulnerabilities in BMC Service Desk Express by BMC Software
CVE-2013-4945
Currently unrated
What is CVE-2013-4945?
BMC Service Desk Express 10.2.1.95 contains multiple SQL injection vulnerabilities. Remote attackers can inject SQL through several cookie parameters sent to DashBoardGUI.aspx, such as ASPSESSIONIDASSRATTQ, TABLE_WIDGET_1, TABLE_WIDGET_2, browserDateTimeInfo, and browserNumberInfo, or through the UID parameter on login.aspx. Successful exploitation can lead to arbitrary SQL command execution, endangering database integrity and confidentiality.
