Description

SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter.

Remediation

References

CVE-2010-0605

Related Vulnerabilities

Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2023-28336)

WordPress Plugin Soundy Background Music Cross-Site Scripting (3.1)

Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-48706)

WordPress Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2014-6412)

WordPress Plugin SyntaxHighlighter Evolved Cross-Site Scripting (3.5.0)

Severity

High

Classification

CVE-2010-0605 CWE-138

Tags

Missing Update Known Vulnerabilities