Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-1413

Description

Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow remote attackers to execute arbitrary SQL commands via the (1) subcat, (2) rate, (3) questiondetails, (4) ticketkey22, (5) email22 parameters to index.php, or (6) the e-mail field of the Forgot Key feature.

Affected products

Kayako/Esupport5 versions
cpe:2.3:a:kayako:esupport:2.1.2:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:kayako:esupport:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:kayako:esupport:2.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:kayako:esupport:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:kayako:esupport:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:kayako:esupport:2.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.gulftech.orgnvdExploit
www.securityfocus.com/bid/12037nvdExploit
marc.infonvd
exchange.xforce.ibmcloud.com/vulnerabilities/18572nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000