CVE-2008-0267

Published: 15/01/2008 Updated: 15/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
eticket eticket 1.5.5.2

source: wwwsecurityfocuscom/bid/27173/info eTicket is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input These vulnerabilities include multiple SQL-injection issues, a cross-site scripting issue, and an authentication-bypass issue A successful exploit could allo ...

source: wwwsecurityfocuscom/bid/27173/info eTicket is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input These vulnerabilities include multiple SQL-injection issues, a cross-site scripting issue, and an authentication-bypass issue A successful exploit could al ...

CWE-89 http://www.securityfocus.com/bid/27173 http://secunia.com/advisories/28331 http://securityreason.com/securityalert/3542 https://exchange.xforce.ibmcloud.com/vulnerabilities/39489 https://exchange.xforce.ibmcloud.com/vulnerabilities/39487 http://www.securityfocus.com/archive/1/485835/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/30996/

CVE-2008-0267

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect