Description
A SQL injection vulnerability in the "Search" functionality of the "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via a combination of the "keywords" and "topic_id" URL parameters.
Remediation
References