Servicetonic: Security Vulnerabilities
Blind SQL injection in the login form in ServiceTonic Helpdesk software < 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-11-08
Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version < 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-11-08
Unauthorized system access in the login form in ServiceTonic Helpdesk software version < 9.0.35937 allows attacker to login without using a password.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-11-08