|
| Description: | | A SQL injection vulnerability in the ""Search"" functionality of ""tickets.php"" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the ""keywords"" and ""topic_id"" URL parameters combination. |
|
| Impact: | | An attacker can inject arbitrary sql commands to view or change the database of the target by exploiting the vulnerability successfully. |
|
| Affected OS: | | Windows, Linux, Others |
|
| Reference: | | http://enhancesoft.com
http://osticket.com
https://members.backbox.org/osticket-sql-injection/
|
|