Summary
The host is running eTicket, which is prone to multiple SQL Injection vulnerabilities.
Impact
Successful attack could allow manipulation of the database by injecting arbitrary SQL queries.
Impact Level: Application
Solution
Update to Version 1.7.0 or later.
http://www.eticketsupport.com/
Insight
Input passed to the pri parameter of index.php, open.php, open_raw.php, and newticket.php is not properly sanitised before being used in SQL queries.
Affected
eTicket Version 1.5.7 and prior.
References
Severity
Classification
-
CVE CVE-2008-5165 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache Solr XML External Entity(XXE) Vulnerability-02 Jan-14
- ActivDesk Multiple Cross Site Scripting and SQL Injection Vulnerabilities
- Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution
- ActivePerl perlIS.dll Buffer Overflow
- Apple Safari PDF Javascript Security Bypass Bypass Vulnerability