13 matches found
EUVD-2018-10630
Malware in sbrugna...
EUVD-2018-10629
Malware in sbrugna...
AbiSoft Ticketly SQL Injection Vulnerability
AbiSoft Ticketly is a PHP and MySQL based ticketing software from AbiSoft in the Republic of Guatemala. A SQL injection vulnerability exists in AbiSoft Ticketly version 1.0, which can be exploited by remote attackers to execute arbitrary SQL commands with the help of multiple parameters...
CVE-2018-18922
adduser in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/adduser.php POST request...
Sql injection
AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters name, categoryid and description in action/addproject.php; kindid, priorityid, projectid, statusid and title in action/addticket.php; and kindid and statusid in reports.php...
CVE-2018-18922
adduser in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/adduser.php POST request...
CVE-2018-18923
AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters name, categoryid and description in action/addproject.php; kindid, priorityid, projectid, statusid and title in action/addticket.php; and kindid and statusid in reports.php...
Cross site request forgery (csrf)
adduser in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/adduser.php POST request...
CVE-2018-18923
AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters name, categoryid and description in action/addproject.php; kindid, priorityid, projectid, statusid and title in action/addticket.php; and kindid and statusid in reports.php...
CVE-2018-18922
adduser in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/adduser.php POST request...
CVE-2018-18923
CVE-2018-18923 is an authenticated SQL Injection issue affecting AbiSoft Ticketly 1.0. Concrete details across connected records show injections in multiple endpoints: action/addproject.php (name, category_id, description), action/addticket.php (kind_id, priority_id, project_id, status_id, title)...
CVE-2018-18922
CVE-2018-18922 affects AbiSoft Ticketly 1.0. A POST to /action/add_user.php without authentication lets remote attackers create administrator accounts, enabling privilege escalation. Public references document PoCs and exploits (e.g., Exploit-DB entry 45892; other sources). The available data con...
CVE-2018-18923
AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters name, categoryid and description in action/addproject.php; kindid, priorityid, projectid, statusid and title in action/addticket.php; and kindid and statusid in reports.php...