PerlDesk < 2 kb.cgi view Parameter SQL Injection

high Nessus Network Monitor Plugin ID 2597

Synopsis

The remote host is running PerlDesk, a web-based help desk application written in perl.

Description

The remote host is running PerlDesk, a web-based help desk application written in perl. The remote version of this software is vulnerable to several SQL injection vulnerabilities that may allow an attacker to execute arbitrary SQL statements on the remote SQL database.

Solution

Upgrade or patch according to vendor recommendations.

Plugin Details

Severity: High

ID: 2597

Family: CGI

Published: 2/8/2005

Updated: 3/6/2019

Nessus ID: 16323

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:logicnow:perldesk

Reference Information

CVE: CVE-2005-0343

BID: 12471