CVE-2020-26546

by Excellium SA

Abstract Advisory Information

At the time of this advisory, there is no known bugfix. An SQL injection vulnerability was found in HelpDeskZ product version 1.0.2.
The feature that automatically logs a user in, via the RememberMe functionality, is prone to SQL injection.

Authors: Dominique Righetto

Version affected

Name: HelpDeskZ
Versions: 1.0.2

Common Vulnerability Scoring System

7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

Vulnerability Disclosure Timeline

  • 21/06/2020: Vulnerability discovered.
  • 22/06/2020: Vendor contacted.
  • 20/09/2020: Public disclosure.