|
Description
|
|
Two vulnerabilities were identified in Ezyhelpdesk, which may be exploited by remote attackers to execute arbitrary SQL commands.
The first flaw is due to input validation errors when processing specially crafted "edit_id" ,"faq_id" and "c_id" parameters, which may be exploited by malicious users to conduct SQL injection attacks.
The second issue is due to an input validation error in the ticket search module that does not properly validate the "search_string" parameter, which may be exploited by malicious users to conduct SQL injection attacks.
|
