Select local site

F-Secure Vulnerability Information :
Active Web Helpdesk "CategoryID" SQL Injection Vulnerability
[Summary] | [Detailed Description] | [Solution] | [CVE Reference]

Report ID:SA32911
Source:Secunia
Date of Discovery:01.12.2008
Criticality:Moderate
Affects:

Active Web Helpdesk 2.x
Compromise From:From remote
Compromise Type:Manipulation of data
Summary

A vulnerability in Active Web Helpdesk, which can be exploited by malicious people to conduct SQL injection attacks.
Back to the Top

Detailed Description

A vulnerability in Active Web Helpdesk, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "CategoryID" parameter in default.aspx is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

This vulnerability is reported in version 2.0. Other versions may also be affected.
Back to the Top

Solution

Edit the source code to ensure that input is properly sanitised.
Back to the Top

CVE Reference
Back to the Top

F-Secure Corporation