Vulnerabilities > CVE-2006-2039 - SQL Injection vulnerability in Help Center Live OSTicket Module
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple SQL injection vulnerabilities in the osTicket module in Help Center Live before 2.1.0 allow remote attackers to execute arbitrary SQL commands via unknown vectors.
Vulnerable Configurations
Nessus
NASL family | CGI abuses |
NASL id | HCL_210.NASL |
description | The remote host is running Help Center Live, an open source, web-based help desk application written in PHP. The version of Help Center Live installed on the remote host contains a version of osTicket that is affected by multiple SQL injection issues. An unauthenticated attacker may be able to leverage these flaws to disclose sensitive information, modify data, bypass authentication, or launch attacks against the underlying database. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21306 |
published | 2006-05-03 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21306 |
title | Help Center Live osTicket Module Multiple Unspecified SQL Injections |