exploitDog

GHSA-h3wq-7fh4-v9c2

Опубликовано: 08 сент. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.

Ссылки

EPSS

Процентиль: 98%

0.47409

Средний

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2021-45811

CVSS3: 6.5

nvd

больше 2 лет назад

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.

EPSS

Процентиль: 98%

0.47409

Средний

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-89