CVE-2015-2999

NONECVSS 0.0

0.0

Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 allow remote administrators to execute arbitrary SQL commands via the (1) groupFilter parameter in an AssetDetails report to /genericreport, customSQL parameter in a (2) TopAdministratorsByAverageTimer report or an (3) ActiveRequests report to /genericreport, (4) dir parameter to HelpDesk.jsp, or (5) grantSQL parameter to RFCGantt.jsp.

🔗 References (10)

cve@mitrehttp://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html
cve@mitrehttp://seclists.org/fulldisclosure/2015/Jun/8
cve@mitrehttp://www.securityfocus.com/archive/1/535679/100/0/threaded
cve@mitrehttp://www.securityfocus.com/bid/75038
cve@mitrehttps://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/132138/SysAid-Help-Desk-14.4-Code-Execution-Denial-Of-Service-Traversal-SQL-Injection.html
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2015/Jun/8
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/535679/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/75038
af854a3a-2127-422b-91ae-364da2661108https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk

Is Your Infrastructure Affected by CVE-2015-2999?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2015-2999

📅 Published

🔄 Last Modified

🔗 References (10)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2015-2999?