Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 allow remote administrators to execute arbitrary SQL commands via the (1) groupFilter parameter in an AssetDetails report to /genericreport, customSQL parameter in a (2) TopAdministratorsByAverageTimer report or an (3) ActiveRequests report to /genericreport, (4) dir parameter to HelpDesk.jsp, or (5) grantSQL parameter to RFCGantt.jsp.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SysAid Help Desk SQL注入漏洞
Vulnerability Description
SysAid Help Desk是美国SysAid公司的一套基于Web的IT管理软件。该软件支持流程自动化、资产管理和任务管理等。 SysAid Help Desk 15.2之前版本中存在SQL注入漏洞,该漏洞源于/genericreport URI没有充分过滤AssetDetails报告中的‘groupFilter’参数;/genericreport URI没有充分过滤TopAdministratorsByAverageTimer和ActiveRequests报告中的‘customSQL’参数;Help
CVSS Information
N/A
Vulnerability Type
N/A