Release Date: Mar 01, 2007
Severity: medium
Impact: The execution of arbitrary SQL commands on the system.
Description: It indicates a possible exploit of a SQL injection vulnerability in ExoPHPDesk. The flaw is due to an input validation error in the "kb_view_in()" function [class/kb.php] (called via "faq.php"), which does not validate the "id" parameter before it is used in SQL statements. Malicious users could exploit this to conduct SQL injection attacks.
Affected Products: EXO PHPDesk version 1.2.1 and prior.
Recommended Actions: Currently we are not aware of any vendor-supplied patches for this issue.
Coverage: IPS, VCM
Common Vulnerabilities and Exposures (CVE): CVE-2007-0676
References:
http://www.frsirt.com/english/advisories/2007/0452 (FrSIRT)
http://www.securityfocus.com/bid/22338 (BugTraq)