exploitDog

GHSA-v33m-xv4g-2xv2

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.

In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.

Ссылки

EPSS

Процентиль: 83%

0.01968

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2017-14396

CVSS3: 9.8

nvd

больше 8 лет назад

In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.

EPSS

Процентиль: 83%

0.01968

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89