Summary
Tickets CAD is prone to multiple vulnerabilities.
1. A reflected XSS vulnerability exists in the application's search function, search.php.
2. A stored XSS vulnerability exists in log.php when creating a new log entry.
3. An information disclosure issue exists that allows users, even the guest account, to view the tables of the SQL database.
Tickets CAD 2.20G is vulnerable; other versions may also be affected.
Updated on 2015-03-25
Severity
CVSS Base Score: 3.5
CVSS Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N