CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2013-2594

SQL injection vulnerability in reports/calldiary.php in Hornbill Supportworks ITSM 1.0.0 through 3.4.14 allows remote attackers to execute arbitrary SQL commands via the callref parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.1

EPSS Ranking 92.7%

CVSS Severity

CVSS v2 Score 7.5

References

http://osvdb.org/92757
http://packetstormsecurity.com/files/121402/Hornbill-Supportworks-ITSM-1.0.0-SQL-Injection.html
http://seclists.org/fulldisclosure/2013/Apr/232
http://www.exploit-db.com/exploits/25002
http://www.reactionpenetrationtesting.co.uk/hornbill-supportworks-sql-injection.html
http://www.securityfocus.com/bid/59439
https://exchange.xforce.ibmcloud.com/vulnerabilities/83767
http://osvdb.org/92757
http://packetstormsecurity.com/files/121402/Hornbill-Supportworks-ITSM-1.0.0-SQL-Injection.html
http://seclists.org/fulldisclosure/2013/Apr/232
http://www.exploit-db.com/exploits/25002
http://www.reactionpenetrationtesting.co.uk/hornbill-supportworks-sql-injection.html
http://www.securityfocus.com/bid/59439
https://exchange.xforce.ibmcloud.com/vulnerabilities/83767

Products affected by CVE-2013-2594

Hornbill » Supportworks Itsm » Version: 1.0.0

cpe:2.3:a:hornbill:supportworks_itsm:1.0.0
Hornbill » Supportworks Itsm » Version: 3.4.14

cpe:2.3:a:hornbill:supportworks_itsm:3.4.14

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-2594

Products

Pricing

Contact Us