Vulnerabilities > CVE-2006-2039 - SQL Injection vulnerability in Help Center Live OSTicket Module

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

ubertec

nessus

NVD

Published: 2006-04-26

Updated: 2017-07-20

Summary

Multiple SQL injection vulnerabilities in the osTicket module in Help Center Live before 2.1.0 allow remote attackers to execute arbitrary SQL commands via unknown vectors.

Vulnerable Configurations

Part	Description	Count
Application	Ubertec Ubertec Help Center Live 1.0 Ubertec Help Center Live 1.2 Ubertec Help Center Live 1.2.1 Ubertec Help Center Live 1.2.2 Ubertec Help Center Live 1.2.3 Ubertec Help Center Live 1.2.4 Ubertec Help Center Live 1.2.5 Ubertec Help Center Live 1.2.6 Ubertec Help Center Live 1.2.7 Ubertec Help Center Live 1.2.8 Ubertec Help Center Live 2.0	11

Nessus

NASL family	CGI abuses
NASL id	HCL_210.NASL
description	The remote host is running Help Center Live, an open source, web-based help desk application written in PHP. The version of Help Center Live installed on the remote host contains a version of osTicket that is affected by multiple SQL injection issues. An unauthenticated attacker may be able to leverage these flaws to disclose sensitive information, modify data, bypass authentication, or launch attacks against the underlying database.
last seen	2020-06-01
modified	2020-06-02
plugin id	21306
published	2006-05-03
reporter	This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/21306
title	Help Center Live osTicket Module Multiple Unspecified SQL Injections

Summary

Vulnerable Configurations

Nessus

References