Description
Multiple SQL injection vulnerabilities in adminlogin.asp in Zen Help Desk 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) userid (aka username) and (2) PassWord parameters to admin.asp.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by TiGeR-Dz · textwebappsphp
https://www.exploit-db.com/exploits/8825
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50862
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/8825
Scores
EPSS
0.0023
EPSS Percentile
46.1%
Details
CWE
CWE-89
Status
published
Products (1)
zenhelpdesk/zen_help_desk
2.1
Published
Jul 27, 2009
Tracked Since
Feb 18, 2026