CVE-2008-3701

SQL injection vulnerability in staff/index.php in Kayako SupportSuite 3.20.02 and earlier allows remote authenticated users to execute arbitrary SQL commands via the customfieldlinkid parameter in a delcflink action.

Link	Resource
http://forums.kayako.com/f3/3-30-00-stable-released-18304/
http://www.gulftech.org/?node=research&article_id=00123-08092008
http://secunia.com/advisories/31431	Vendor Advisory
http://www.securityfocus.com/bid/30642
http://osvdb.org/47616
https://exchange.xforce.ibmcloud.com/vulnerabilities/44384

Configuration 1

cpe:2.3:a:kayako:supportsuite:3.10.00:*:*:*:*:*:*:* cpe:2.3:a:kayako:supportsuite:3.11.01:*:*:*:*:*:*:* cpe:2.3:a:kayako:supportsuite:*:*:*:*:*:*:*:* cpe:2.3:a:kayako:supportsuite:3.11.00:*:*:*:*:*:*:* cpe:2.3:a:kayako:supportsuite:3.10.02:*:*:*:*:*:*:*

---

Published : 2008-08-15 08:41

Updated : 2017-08-08 01:32

---

NVD link : CVE-2008-3701

Mitre link : CVE-2008-3701

No products.

CWE-89