Lucene search

25 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-13461

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.6 · EPSS 0.00242
Exploits: 1 · References: 3

Cvelist
added 2025/05/27 3:0 a.m. · 11 views

CVE-2025-5227 PHPGurukul Small CRM manage-tickets.php sql injection

A vulnerability was found in PHPGurukul Small CRM 3.0 and classified as critical. This issue affects some unknown processing of the file /admin/manage-tickets.php. The manipulation of the argument aremark leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed...

CVSS 7.5 · EPSS 0.00364
Exploits: 1 · References: 5

Vulnrichment
added 2025/05/27 3:0 a.m. · 5 views

CVE-2025-5227 PHPGurukul Small CRM manage-tickets.php sql injection

A vulnerability was found in PHPGurukul Small CRM 3.0 and classified as critical. This issue affects some unknown processing of the file /admin/manage-tickets.php. The manipulation of the argument aremark leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed...

CVSS 7.5 · AI score 7.3 · EPSS 0.00364
Exploits: 1 · References: 5

CVE
added 2025/05/27 3:0 a.m. · 50 views

CVE-2025-5227

The CVE-2025-5227 entry concerns PHPGurukul Small CRM 3.0 with a SQL injection in the /admin/manage-tickets.php endpoint. The vulnerability arises from unsafely handling the aremark parameter, enabling remote exploitation and potentially exposing or modifying database data. Multiple connected sou...

CVSS 7.5 · AI score 7.5 · EPSS 0.00364
Exploits: 1 · References: 5 · Affected Software: 1

NVD
added 2025/05/05 4:15 p.m. · 10 views

CVE-2025-26241

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topicid" URL parameters combination...

CVSS 6.5 · EPSS 0.00242
Exploits: 1 · References: 1

OSV
added 2025/05/05 4:15 p.m. · 5 views

CVE-2025-26241

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topicid" URL parameters combination...

CVSS 6.5 · AI score 8.6
Exploits: 0 · References: 1

Cvelist
added 2025/05/05 12:0 a.m. · 13 views

CVE-2025-26241

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topicid" URL parameters combination...

EPSS 0.00242
Exploits: 1 · References: 1

Vulnrichment
added 2025/05/05 12:0 a.m. · 6 views

CVE-2025-26241

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topicid" URL parameters combination...

AI score 8 · EPSS 0.00242
Exploits: 1 · References: 1

Positive Technologies
added 2025/05/05 12:0 a.m. · 4 views

PT-2025-19725 · Osticket · Osticket

Name of the Vulnerable Software and Affected Versions: osTicket versions 1.17.5 and earlier Description: A SQL injection issue exists in the Search functionality of the tickets.php page, allowing authenticated attackers to execute arbitrary SQL commands. This is achieved via a combination of the...

CVSS 6.5 · AI score 7.5 · EPSS 0.00242
Exploits: 1 · References: 6

CVE
added 2023/09/08 12:0 a.m. · 75 views

CVE-2021-45811

CVE-2021-45811 is a confirmed SQL injection vulnerability in osTicket 1.15.x, affecting the Search functionality on tickets.php where authenticated users can manipulate the query via the combination of the keywords and topic_id URL parameters. The issue allows attackers to execute arbitrary SQL c...

CVSS 6.5 · AI score 7 · EPSS 0.02808
Exploits: 1 · References: 3 · Affected Software: 1

NVD
added 2020/03/12 2:15 p.m. · 14 views

CVE-2020-10432

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-tickets.php by adding a question mark ? followed by the payload...

CVSS 4.8 · AI score 5 · EPSS 0.00611
Exploits: 1 · References: 2

Prion
added 2020/03/12 2:15 p.m. · 17 views

Cross site scripting

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-tickets.php by adding a question mark ? followed by the payload...

CVSS 3.5 · AI score 4.9 · EPSS 0.00611
Exploits: 1 · References: 2 · Affected Software: 1

CVE
added 2020/03/12 1:6 p.m. · 38 views

CVE-2020-10499

The connected records provide concrete details for CVE-2020-10499: Chadha PHPKB Standard Multi-Language v9 contains a cross-site request forgery (CSRF) flaw in the admin/manage-tickets.php endpoint. An attacker can close any ticket by crafting a request that, when executed by an authenticated use...

CVSS 4.3 · AI score 4.5 · EPSS 0.00475
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2020/03/12 1:5 p.m. · 25 views

CVE-2020-10489

CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a ticket via a crafted request...

AI score 4.6 · EPSS 0.00485
Exploits: 1 · References: 2

CVE
added 2020/03/12 1:5 p.m. · 37 views

CVE-2020-10489

CVE-2020-10489 is a CSRF vulnerability in Chadha PHPKB Standard Multi-Language 9 affecting the admin/manage-tickets.php endpoint. An attacker can cause a user’s browser to issue a crafted request to delete a ticket, due to inadequate protection against cross-site request forgery. The CVE is docum...

CVSS 4.3 · AI score 4.5 · EPSS 0.00485
Exploits: 1 · References: 2 · Affected Software: 1

CVE
added 2020/03/12 1:4 p.m. · 51 views

CVE-2020-10432

The CVE-2020-10432 entry applies to Chadha PHPKB Standard Multi-Language 9, where URI handling in admin/header.php enables a Reflected XSS in admin/manage-tickets.php when a leading question mark is followed by a payload. The Red Hat CVE records corroborate a similar issue affecting admin/header....

CVSS 4.8 · AI score 4.9 · EPSS 0.00611
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2020/03/12 1:4 p.m. · 17 views

CVE-2020-10432

The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS injecting arbitrary web script or HTML in admin/manage-tickets.php by adding a question mark ? followed by the payload...

AI score 5 · EPSS 0.00611
Exploits: 1 · References: 2

Prion
added 2017/10/16 1:29 a.m. · 15 views

Design/Logic Flaw

osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication...

CVSS 4.3 · AI score 6.7 · EPSS 0.01892
Exploits: 2 · References: 1 · Affected Software: 1

Cvelist
added 2017/10/16 1:0 a.m. · 17 views

CVE-2017-15362

osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication...

AI score 6.7 · EPSS 0.0121
Exploits: 0 · References: 1

CNVD
added 2015/01/23 12:0 a.m. · 4 views

osTicket 'tickets.php' Cross-Site Scripting Vulnerability

osTicket is a widely used lightweight question return system developed in PHP. A cross-site scripting vulnerability exists in osTicket 'tickets.php' because the application fails to properly filter user-supplied input. An attacker may be able to exploit this vulnerability to execute arbitrary...

CVSS 4.3 · AI score 6.6 · EPSS 0.01892
Exploits: 2 · References: 1