Multiple SQL injection vulnerabilities in search.php in IsolSoft Support Center 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) lorder, (2) Priority, (3) Status, (4) Category, (5) searchvalue, and (6) field parameter.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Support_center | Isolsoft | 2.2 (including) | 2.2 (including) |
References
- http://pridels0.blogspot.com/2005/11/isolsoft-support-center-sql-inj.html
- http://secunia.com/advisories/17728
- http://securitytracker.com/id?1015270
- http://www.osvdb.org/21102
- http://www.securityfocus.com/bid/15570
- http://www.vupen.com/english/advisories/2005/2592
- http://pridels0.blogspot.com/2005/11/isolsoft-support-center-sql-inj.html
- http://secunia.com/advisories/17728
- http://securitytracker.com/id?1015270
- http://www.osvdb.org/21102
- http://www.securityfocus.com/bid/15570
- http://www.vupen.com/english/advisories/2005/2592