CVE-2020-26546

by mathildeexlm

Abstract Advisory Information

An SQL injection vulnerability was found in HelpDeskZ product version 1.0.2.
The feature to auto-login a user, via the RememberMe functionality, is prone to an SQL injection.

Authors: Dominique Righetto
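
As a mitigation sketch for the RememberMe auto-login issue described above, the following added example (not HelpDeskZ code and not from the advisory author) shows a remember-me lookup that validates the cookie format, binds the value as a query parameter and compares the token hash in constant time. The `id:token` cookie layout, the `remember_tokens` table, the function names and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory table standing in for the application's token store
// (hypothetical schema, not the HelpDeskZ schema).
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE remember_tokens (user_id INTEGER, token_hash TEXT)');
    // Only a SHA-256 hash of the token is stored, never the token itself.
    $ins = $pdo->prepare('INSERT INTO remember_tokens (user_id, token_hash) VALUES (?, ?)');
    $ins->execute([7, hash('sha256', str_repeat('ab', 32))]);
    return $pdo;
}

// Returns the user id for a valid "id:token" cookie (assumed layout), or null.
function remember_me_user(PDO $pdo, string $cookie): ?int
{
    // 1. Strict allow-list format: decimal id, colon, 64 lowercase hex characters.
    //    Quotes, spaces and any other SQL metacharacters never get past this point.
    if (preg_match('/\A(\d{1,9}):([0-9a-f]{64})\z/', $cookie, $m) !== 1) {
        return null;
    }
    $userId = (int) $m[1];

    // 2. The cookie value is bound as a parameter, never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT token_hash FROM remember_tokens WHERE user_id = ?');
    $stmt->execute([$userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // 3. Constant-time comparison of the stored hash with the hash of the presented token.
    if ($row === false || !hash_equals((string) $row['token_hash'], hash('sha256', $m[2]))) {
        return null;
    }
    return $userId;
}

$pdo = demo_db();
$cases = [
    'valid constructed cookie'   => '7:' . str_repeat('ab', 32),
    'wrong token for user 7'     => '7:' . str_repeat('cd', 32),
    'cookie containing a quote'  => "7':" . str_repeat('ab', 32),
];
foreach ($cases as $label => $cookie) {
    $user = remember_me_user($pdo, $cookie);
    echo $label, ' => ', $user === null ? 'rejected' : "user $user", PHP_EOL;
}
```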

Version affected

Name: HelpDeskZ
Versions: 1.0.2

Common Vulnerability Scoring System

7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

https://www.helpdeskz.com/
https://github.com/evolutionscript/HelpDeskZ-1.0

Vulnerability Disclosure Timeline

  • 21/06/2020: Vulnerability discovered.
  • 22/06/2020: Vendor contacted.
  • 20/09/2020: Public disclosure.