Description

SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality.

Remediation

References

CVE-2021-42235

Related Vulnerabilities

TYPO3 Improper Input Validation Vulnerability (CVE-2012-1608)

WordPress Plugin Brute Force Login Protection Cross-Site Scripting (1.5.2)

WordPress Plugin ARForms:Wordpress Form Builder Arbitrary File Deletion (3.7.1)

WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors Cross-Site Scripting (2.3.1)

WordPress Plugin Customer Reviews for WooCommerce Local File Inclusion (5.15.0)

Severity

Critical

Classification

CVE-2021-42235 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities