NVD

Id
70025  
Name
CVE-2005-4427  
Description
Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) the $addy variable in email_parser.php, (3) $address variable in email_parser.php, (4) $a_address variable in structs.php, (5) kbid parameter to cer_KnowledgebaseHandler.class.php, (6) queues[] parameter to addresses_export.php, (7) $thread variable to display.php, (8) ticket parameter to display_ticket_thread.php.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-03  
Published
2005-12-20  
Modified Date
2016-10-17  
Seq
2005-4427  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
361458 70025 CVE-2005-4427 http://forum.cerberusweb.com/showthread.php?s=&postid=30315  View
361459 70025 CVE-2005-4427 20051219 Cerberus Helpdesk vulnerabilities  View
361460 70025 CVE-2005-4427 20051225 Cerberus Helpdesk multiple vulnerabilities.  View
361461 70025 CVE-2005-4427 16062  View
361462 70025 CVE-2005-4427 cerberus-multiple-sql-injection(23836)  View

Related JVN