Vulnerabilities for 'Servicetonic'

2021-11-08
 
CVE-2021-28022

CWE-89
 

 
Blind SQL injection in the login form in ServiceTonic Helpdesk software < 9.0.35937 allows an attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries.

 
 
CVE-2021-28023

CWE-434
 

 
Arbitrary file upload in the Service import feature in ServiceTonic Helpdesk software version < 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in relative paths.

 
 
CVE-2021-28024

CWE-287
 

 
Unauthorized system access in the login form in ServiceTonic Helpdesk software version < 9.0.35937 allows an attacker to log in without using a password.

 


Copyright 2024, cxsecurity.com

 
