Lucene search

PRIOn knowledge basePRION:CVE-2010-0605

HistoryFeb 11, 2010 - 5:30 p.m.

Sql injection

2010-02-1117:30:00

PRIOn knowledge base

www.prio-n.com

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

35.9%

JSON

SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with “Staff” permissions, to execute arbitrary SQL commands via the input parameter.

CPENameOperatorVersion
osticketeq1.6 rc1
osticketle1.6
osticketeq1.6 rc3
osticketeq1.2.7
osticketeq1
osticketeq1.6 rc4
osticketeq1.6 rc2
osticketeq1.3.0

Name	Operator	Version
osticket	eq	1.6 rc1
osticket	le	1.6
osticket	eq	1.6 rc3
osticket	eq	1.2.7
osticket	eq	1
osticket	eq	1.6 rc4
osticket	eq	1.6 rc2
osticket	eq	1.3.0

References

osticket.com/forums/project.php?issueid=176

packetstormsecurity.org/1002-exploits/osTicket-1.6-RC5-SQLi.pdf

secunia.com/advisories/38515

www.securityfocus.com/bid/38166

www.exploit-db.com/exploits/11380

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

35.9%

JSON

Related for PRION:CVE-2010-0605