NetSupport DNA HelpDesk problist.asp where Parameter SQL Injection
Remote / Network Access
Loss of Confidentiality,
Loss of Integrity
NetSupport DNA HelpDesk contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the 'where' parameter in problist.asp is not verified properly and will allow an attacker to inject or manipulate SQL queries.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.