SQL Injection Vulnerabilities in BMC Service Desk Express by BMC Software
CVE-2013-4945

Currently unrated

Key Information:

Vendor

Bmc

Status
Service Desk Express
Vendor
CVE Published:
29 July 2013

What is CVE-2013-4945?

BMC Service Desk Express 10.2.1.95 contains multiple vulnerabilities that allow remote attackers to exploit SQL injection via several cookie parameters, such as ASPSESSIONIDASSRATTQ, TABLE_WIDGET_1, TABLE_WIDGET_2, browserDateTimeInfo, and browserNumberInfo on the DashBoardGUI.aspx, or via the UID parameter on login.aspx. Successful exploitation can lead to arbitrary SQL command execution, endangering database integrity and confidentiality.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.exploit-db.com/exploits/26806
exploitx_refsource_EXPLOIT-DB
http://archives.neohapsis.com/archives/bugtraq/2013-07/00...
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/61147
vdb-entryx_refsource_BID

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.