Helm Control Panel Compose Message Form messageToUserAccNum Parameter SQL Injection
Remote / Network Access
Loss of Confidentiality,
Loss of Integrity
Helm Web Hosting Control Panel Compose Message form contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the 'messageToUserAccNum' parameter in the Compose Message Form is not verified properly and will allow an attacker to inject or manipulate SQL queries.
Upgrade to version 3.1.20 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.