CVE-2015-4676
The connected documents confirm a SQL injection vulnerability in TickFa 1.x affecting ticket.php via the tid parameter in a read action. Root cause noted as improper handling/validation of tid input, enabling remote authenticated users to execute arbitrary SQL commands against the database. This ...