CVE-2013-4945

BMC Service Desk Express 10.2.1.95 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-4945. PoCs published by Nuri Fattah.

AI-analyzed exploit summary This is a vulnerability writeup detailing multiple SQL injection and XSS vulnerabilities in BMC Service Desk Express (SDE) Version 10.2.1.95. It includes affected endpoints, vulnerable parameters, and example payloads for XSS but does not contain functional exploit code.

Description

Multiple SQL injection vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the (1) ASPSESSIONIDASSRATTQ, (2) TABLE_WIDGET_1, (3) TABLE_WIDGET_2, (4) browserDateTimeInfo, or (5) browserNumberInfo cookie parameter to DashBoardGUI.aspx; or the (6) UID parameter to login.aspx.

Exploits (1)

exploitdb WRITEUP
by Nuri Fattah · textwebappsasp
https://www.exploit-db.com/exploits/26806

This is a vulnerability writeup detailing multiple SQL injection and XSS vulnerabilities in BMC Service Desk Express (SDE) Version 10.2.1.95. It includes affected endpoints, vulnerable parameters, and example payloads for XSS but does not contain functional exploit code.

Classification
Writeup 90%
Attack Type
Sqli | Xss
Complexity
Trivial
Reliability
Theoretical
Target: BMC Service Desk Express (SDE) Version 10.2.1.95
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/26806
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-07/0082.html
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/61147

Scores

EPSS 0.0113
EPSS Percentile 62.4%

Details

CWE
CWE-89
Status published
Products (1)
bmc/service_desk_express 10.2.1.95
Published Jul 29, 2013
Tracked Since Feb 18, 2026