Vulnerability Details CVE-2009-2361
SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.023
EPSS Ranking 84.2%
CVSS Severity
CVSS v2 Score 7.5
References
- http://osticket.com/forums/project.php?issueid=118
- http://secunia.com/advisories/35629
- http://www.exploit-db.com/exploits/9032
- http://www.ngenuity.org/wordpress/2009/06/26/osticket-admin-login-blind-sql-injection/
- http://www.osvdb.org/55472
- http://www.securityfocus.com/archive/1/504615/100/0/threaded
- http://www.securityfocus.com/bid/35516
- http://www.securitytracker.com/id?1022480
- http://www.vupen.com/english/advisories/2009/1726
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51417
- http://osticket.com/forums/project.php?issueid=118
- http://secunia.com/advisories/35629
- http://www.exploit-db.com/exploits/9032
- http://www.ngenuity.org/wordpress/2009/06/26/osticket-admin-login-blind-sql-injection/
- http://www.osvdb.org/55472
- http://www.securityfocus.com/archive/1/504615/100/0/threaded
- http://www.securityfocus.com/bid/35516
- http://www.securitytracker.com/id?1022480
- http://www.vupen.com/english/advisories/2009/1726
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51417