Description
SQL injection vulnerability in index.php for MyHelpDesk 20020509, and possibly other versions, allows remote attackers to conduct unauthorized activities via SQL code in the "id" parameter for the operations (1) detailticket, (2) editticket, or (3) updateticketlog.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Ahmet Sabri ALPER · textwebappsphp
https://www.exploit-db.com/exploits/21527
References (3)
Core 3
Core References
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-06/0057.html
Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9321.php
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4971
Scores
EPSS
0.0081
EPSS Percentile
74.3%
Details
Status
published
Products (1)
luis_bernardo/myhelpdesk
< 2002-05-09
Published
Oct 04, 2002
Tracked Since
Feb 18, 2026