Vulnerability Details CVE-2008-3701
SQL injection vulnerability in staff/index.php in Kayako SupportSuite 3.20.02 and earlier allows remote authenticated users to execute arbitrary SQL commands via the customfieldlinkid parameter in a delcflink action.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.8%
CVSS Severity
CVSS v2 Score 6.5
References
- http://forums.kayako.com/f3/3-30-00-stable-released-18304/
- http://osvdb.org/47616
- http://secunia.com/advisories/31431
- http://www.gulftech.org/?node=research&article_id=00123-08092008
- http://www.securityfocus.com/bid/30642
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44384
- http://forums.kayako.com/f3/3-30-00-stable-released-18304/
- http://osvdb.org/47616
- http://secunia.com/advisories/31431
- http://www.gulftech.org/?node=research&article_id=00123-08092008
- http://www.securityfocus.com/bid/30642
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44384
Products affected by CVE-2008-3701
-
cpe:2.3:a:kayako:supportsuite:*
-
cpe:2.3:a:kayako:supportsuite:3.10.00
-
cpe:2.3:a:kayako:supportsuite:3.10.02
-
cpe:2.3:a:kayako:supportsuite:3.11.00
-
cpe:2.3:a:kayako:supportsuite:3.11.01