What the vulnerability does
01Description
Unauthenticated SQL Injection in JS Help Desk <= 3.0.9 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
What the vulnerability does
Unauthenticated SQL Injection in JS Help Desk <= 3.0.9 versions.
Explanation of Vulnerability in Simple Terms
JS Help Desk versions up to 3.0.9 contain a SQL injection vulnerability in an unauthenticated network-accessible function. An attacker can craft malicious input to extract sensitive data from the database, including user credentials and help desk records. The vulnerability requires no authentication or user interaction. Scope is changed, meaning the impact may extend beyond the vulnerable component itself.
What an attacker can do
Extract sensitive data from the database, including user credentials and help desk records.
Potential impact on your site
Attackers can read all database contents without logging in, compromising user accounts and confidential support tickets.
Conditions required to exploit
Network access to the JS Help Desk application. No authentication or user interaction required.
Key dates
External resources
Related vulnerabilities