Description

SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter.

Remediation

References

CVE-2010-0605

Related Vulnerabilities

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-4300)

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.13)

Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-13082)

WordPress Plugin Really Simple Gallery Multiple Vulnerabilities (1.4)

WordPress Plugin U BuddyPress Forum Attachment 'fileurl' Parameter Remote File Disclosure (1.1.1)

Severity

High

Classification

CVE-2010-0605 CWE-138

Tags

Missing Update Known Vulnerabilities