The host is running eTicket, which is prone to multiple SQL Injection vulnerabilities.

Successful attack could allow manipulation of the database by injecting arbitrary SQL queries. Impact Level: Application

Update to Version 1.7.0 or later. http://www.eticketsupport.com/

Input passed to the pri parameter of index.php, open.php, open_raw.php, and newticket.php is not properly sanitised before being used in SQL queries.

eTicket Version 1.5.7 and prior.

• http://secunia.com/advisories/30877
• http://www.digitrustgroup.com/advisories/web-application-security-eticket2.html
• http://www.eticketsupport.com/announcements/170_is_in_the_building-t91.0.html

---

Updated on 2015-03-25