Abstract Advisory Information


At the time of this advisory, there is no known bugfix. An SQL injection vulnerability was found in HelpDeskZ product version 1.0.2.

The feature to auto-login a user, via the RememberMe functionality, is prone to an SQL injection.

Author: Dominique Righetto

Version affected


Name: HelpDeskZ

Versions: 1.0.2

Common Vulnerability Scoring System


7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References


Vulnerability Disclosure Timeline


  • 21/06/2020: Vulnerability discovered.
  • 22/06/2020: Vendor contacted.
  • 20/09/2020: Public disclosure.