CVE-2002-0932

MyHelpDesk < 2002-05-09 - SQL Injection via id Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0932. PoCs published by Ahmet Sabri ALPER.

AI-analyzed exploit summary The provided text describes a SQL injection vulnerability in MyHelpDesk (version 20020509 and earlier) where user-supplied input via CGI parameters is not properly sanitized, allowing modification of SQL query logic. The example URL demonstrates a basic SQL injection attempt.

Description

SQL injection vulnerability in index.php for MyHelpDesk 20020509, and possibly other versions, allows remote attackers to conduct unauthorized activities via SQL code in the "id" parameter for the operations (1) detailticket, (2) editticket, or (3) updateticketlog.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Ahmet Sabri ALPER · textwebappsphp
https://www.exploit-db.com/exploits/21527

The provided text describes a SQL injection vulnerability in MyHelpDesk (version 20020509 and earlier) where user-supplied input via CGI parameters is not properly sanitized, allowing modification of SQL query logic. The example URL demonstrates a basic SQL injection attempt.

Classification
Writeup 80%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: MyHelpDesk version 20020509 and earlier
No auth needed
Prerequisites: Access to the target application URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-06/0057.html
Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9321.php
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4971

Scores

EPSS 0.0125
EPSS Percentile 65.5%

Details

Status published
Products (1)
luis_bernardo/myhelpdesk < 2002-05-09
Published Oct 04, 2002
Tracked Since Feb 18, 2026