MyHelpDesk 20020509 - SQL Injection

Author: Ahmet Sabri ALPER
type: webapps
platform: php
port: 
date_added: 2002-06-10  
date_updated: 2012-09-26  
verified: 1  
codes: CVE-2002-0932;OSVDB-10120  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 21527.txt  

source: https://www.securityfocus.com/bid/4971/info

It is reported that MyHelpDesk (version 20020509 and earlier) are vulnerable to SQL injection attacks.

Data supplied by the remote user, via CGI parameters, is used directly as part of SQL statements. As input sanitization is not properly performed, it is possible to modify the logic of a SQL query.

http://[TARGET]/supporter/index.php?t=detailticket&id=root%20me