CVE-2010-2911

Kayako eSupport <3.70.02 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a viewnews action.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Sid3^effects · textwebappsphp

https://www.exploit-db.com/exploits/14392

View Code ZIP pw:eip

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/14404

View on exploitdb

References (5)

[Exploit] http://packetstormsecurity.org/1007-exploits/kayakoesupport37002-sql.txt

[Exploit] http://www.exploit-db.com/exploits/14392

[Exploit] http://www.securityfocus.com/bid/41779

[Vendor Advisory] http://www.vupen.com/english/advisories/2010/1843

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/60455

Scores

EPSS 0.0056

EPSS Percentile 67.8%

Classification

CWE

CWE-89

Status draft

Affected Products (1)

kayako/esupport

Timeline

Published Jul 28, 2010

Tracked Since Feb 18, 2026