Description
In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.
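The square-bracket behaviour described above comes from PHP's request parsing, which turns `key[]=x` into an array instead of a string. The following is an added example, not osTicket's code or its fix: the `string_param` helper, the `file` table and the `access_key` column are hypothetical, and the query strings are constructed samples. It shows a type check that rejects array-valued parameters before a bound query runs.

```php
<?php
declare(strict_types=1);

/**
 * Return a request parameter only if it arrived as a plain string.
 * PHP turns "key[]=x" or "key[a]=x" into an array, so code that expects
 * a string must check the type before the value reaches any query builder.
 */
function string_param(array $request, string $name, int $maxLen = 128): ?string
{
    $value = $request[$name] ?? null;
    if (!is_string($value) || $value === '' || strlen($value) > $maxLen) {
        return null;   // arrays, missing values and oversized input are rejected
    }
    return $value;
}

// Constructed sample query strings (not taken from a real request).
$samples = [
    'key=abc123',      // ordinary scalar parameter
    'key[]=abc123',    // square brackets: PHP builds a list
    'key[id]=abc123',  // square brackets with a name: PHP builds a map
];

// Hypothetical table standing in for an application's file store.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE file (id INTEGER PRIMARY KEY, access_key TEXT)');
$db->exec("INSERT INTO file (access_key) VALUES ('abc123')");
$lookup = $db->prepare('SELECT id FROM file WHERE access_key = :key');

foreach ($samples as $query) {
    parse_str($query, $request);         // same parsing rules PHP applies to $_GET
    $key = string_param($request, 'key');
    if ($key === null) {
        printf("%-16s rejected (%s)\n", $query, gettype($request['key'] ?? null));
        continue;
    }
    $lookup->execute([':key' => $key]);  // value is bound, never concatenated
    $id = $lookup->fetchColumn();
    printf("%-16s accepted, file id %s\n", $query, $id === false ? 'none' : (string) $id);
}
```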
Remediation
References