osTicket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-0605)

Description

SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter.

Remediation

References

CVE-2010-0605

Related Vulnerabilities

WordPress Plugin WooCommerce Save For Later Cart Enhancement PHP Object Injection (1.0.6)

WordPress Plugin WP Mass Mail Open Email Relay (2.45)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-10890)

WordPress Plugin GeoDirectory-WordPress Business Directory and Classified Ads Listings Cross-Site Scripting (2.2.21)

MySQL Other Vulnerability (CVE-2000-0981)

Severity

High

Classification

CVE-2010-0605 CWE-138