ExoPHPDesk.faq.php.Remote.SQL.Injection
Description
It indicates a possible exploit of a SQL injection vulnerability in ExoPHPDesk.
This flaw is due to an input validation error in the "kb_view_in()" [class/kb.php] function (called via "faq.php") that does not validate the "id" parameter before it is used in SQL statements, which could be exploited by malicious users to conduct SQL injection attacks.
Affected Products
EXO PHPDesk version 1.2.1 and prior.
Impact
The execution of arbitrary SQL commands on the system.
Recommended Actions
Currently we are not aware of any vendor-supplied patches for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |