CVE-2005-3925
Published 2005-11-30
PriorityP337 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.29% (66.6th percentile)
Multiple SQL injection vulnerabilities in Central Manchester CLC Helpdesk Issue Manager 0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) detail[], (2) orderdir, and (3) orderby parameters to find.php, and the (4) id parameter to issue.php.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| helpdesk_issue_manager | helpdesk_issue_manager | — | — |
No detection rules found.
Exploit-DB
Helpdesk Issue Manager 0.x - 'find.php' Multiple SQL Injections
exploitdb·2005-11-28
---
source: https://www.securityfocus.com/bid/15604/info
Helpdesk Issue Manager is prone to multiple SQL injection vulnerabilities.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Helpdesk Issue Manager 0.9 and prior versions are reportedly affected.
http://www.example.com/find.php?act=action&reset=yes&detail%5B%5D=[SQL]
http://www.example.com/find.php?page=0&act=action&orderby=sortorder&orderdir=[SQL]
http://www.example.com/find.php?page=0&act=action&orderby=[SQL]
Exploit-DB
Helpdesk Issue Manager 0.x - 'issue.php?id' SQL Injection
exploitdb·2005-11-28
---
source: https://www.securityfocus.com/bid/15604/info
http://www.example.com/issue.php?id=[SQL]
No writeups or analysis indexed.
http://pridels0.blogspot.com/2005/11/helpdesk-issue-manager-v09-sql-inj.html
http://secunia.com/advisories/17714
http://www.osvdb.org/21114
http://www.osvdb.org/21115
http://www.securityfocus.com/bid/15604
http://www.vupen.com/english/advisories/2005/2589
Published: 2005-11-30