VYPR

Zen Help Desk

by Zen Help Desk Software

CVEs (2)

  • CVE-2009-2604Jul 27, 2009
    risk 0.03cvss epss 0.01

    Multiple SQL injection vulnerabilities in adminlogin.asp in Zen Help Desk 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) userid (aka username) and (2) PassWord parameters to admin.asp.

  • CVE-2007-3146Jun 11, 2007
    risk 0.00cvss epss 0.01

    Zen Help Desk 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing a password via a direct request for ZenHelpDesk.mdb.