Description
SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter.
Remediation
References
Related Vulnerabilities
Moodle Improper Access Control Vulnerability (CVE-2016-2159)
Undertow Insertion of Sensitive Information into Log File Vulnerability (CVE-2019-3888)
phpMyAdmin 7PK - Security Features Vulnerability (CVE-2016-6624)
Artifactory Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-41834)