CVE-2010-0605

Опубликовано: 11 фев. 2010

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter.

Ссылки

http://osticket.com/forums/project.php?issueid=176
Patch
http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-SQLi.pdf
Exploit
http://secunia.com/advisories/38515
Vendor Advisory
http://www.exploit-db.com/exploits/11380
Exploit
http://www.securityfocus.com/bid/38166
Exploit
http://osticket.com/forums/project.php?issueid=176
Patch
http://packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-SQLi.pdf
Exploit
http://secunia.com/advisories/38515
Vendor Advisory
http://www.exploit-db.com/exploits/11380
Exploit
http://www.securityfocus.com/bid/38166
Exploit

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:osticket:osticket:*:rc5:*:*:*:*:*:*

Версия до 1.6 (включая)

cpe:2.3:a:osticket:osticket:1:*:*:*:*:*:*:*

cpe:2.3:a:osticket:osticket:1.2.7:*:*:*:*:*:*:*

cpe:2.3:a:osticket:osticket:1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:osticket:osticket:1.6:rc1:*:*:*:*:*:*

cpe:2.3:a:osticket:osticket:1.6:rc2:*:*:*:*:*:*

cpe:2.3:a:osticket:osticket:1.6:rc3:*:*:*:*:*:*

cpe:2.3:a:osticket:osticket:1.6:rc4:*:*:*:*:*:*

EPSS

Процентиль: 71%

0.00672

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-qpr7-hfx5-hx7x

github

почти 4 года назад