Help Center Live < 2.1.0 osTicket Multiple SQL Injection
High Nessus Network Monitor Plugin ID 3521
SynopsisThe remote host is vulnerable to a SQL Injection attack.
DescriptionThe remote web server is running Help Center Live, a help desk application written in PHP. The remote version of this software is vulnerable to a SQL Injection flaw. An attacker exploiting this flaw would send malformed HTTP requests to the web application that would, upon being parsed, execute arbitrary commands on the database server.
SolutionUpgrade to version 2.1.0 or higher.