CVE-2002-0932

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/4971", "name": "4971", "tags": ["Exploit", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://www.iss.net/security_center/static/9321.php", "name": "myhelpdesk-sql-injection(9321)", "tags": ["Vendor Advisory"], "refsource": "XF"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0057.html", "name": "20020610 [ARL02-A15] Multiple Security Issues in MyHelpdesk", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "SQL injection vulnerability in index.php for MyHelpDesk 20020509, and possibly other versions, allows remote attackers to conduct unauthorized activities via SQL code in the \"id\" parameter for the operations (1) detailticket, (2) editticket, or (3) updateticketlog."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-0932", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2002-10-04T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:luis_bernardo:myhelpdesk:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2002-05-09"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2008-09-05T20:29Z"}