Описание
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
Ссылки
- Product
- Product
- ExploitThird Party Advisory
- Product
- Product
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.15 (включая) до 1.15.8 (включая)
cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.47409
Средний
6.5 Medium
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 6.5
github
больше 2 лет назад
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
EPSS
Процентиль: 98%
0.47409
Средний
6.5 Medium
CVSS3
Дефекты
CWE-89