CVE-2008-3701
Published 2008-08-15
Priority: P3 36 | medium | 6.5 CVSS 2.0
AV:N/AC:L/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 1.93% (77.4th percentile)
SQL injection vulnerability in staff/index.php in Kayako SupportSuite 3.20.02 and earlier allows remote authenticated users to execute arbitrary SQL commands via the customfieldlinkid parameter in a delcflink action.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kayako | supportsuite | <= 3.20.02 | — |
| kayako | supportsuite | — | — |
| kayako | supportsuite | — | — |
| kayako | supportsuite | — | — |
| kayako | supportsuite | — | — |
No detection rules found.
No writeups or analysis indexed.
- http://forums.kayako.com/f3/3-30-00-stable-released-18304/
- http://osvdb.org/47616
- http://secunia.com/advisories/31431
- http://www.gulftech.org/?node=research&article_id=00123-08092008
- http://www.securityfocus.com/bid/30642
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44384