Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.asp or (2) print.asp, or (3) the edit parameter to register.asp.
Liberum Help Desk view.asp id Parameter SQL Injection
Remote / Network Access
Loss of Confidentiality, Loss of Integrity
Liberum Help Desk contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The 'id' variable in the 'view.asp' script is not properly sanitized, which may allow a remote attacker to inject or manipulate SQL queries.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.