Vulnerabilities > Kayako > Esupport > 3.70.02

DATE CVE VULNERABILITY TITLE RISK
2010-07-28 CVE-2010-2912 SQL Injection vulnerability in Kayako Esupport 3.70.02
SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the _a parameter in a downloads action.
network
low complexity
kayako CWE-89
7.5
7.5
2010-07-28 CVE-2010-2911 SQL Injection vulnerability in Kayako Esupport 3.70.02
SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a viewnews action.
network
low complexity
kayako CWE-89
7.5
7.5