2012-12-12 11:00:00
mitre
PUBLISHED
editrequestuser.asp in Layton Helpbox 4.4.0 allows remote authenticated users to change arbitrary support-ticket data via a modified sys_request_id parameter.