CVSS: 9.8 • EPSS: 7% • CPEs: 4 • EXPL: 3
CVE-2009-2361 – osTicket 1.6 RC4 - Admin Login Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-2361
08 Jul 2009 — SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter. • https://www.exploit-db.com/exploits/9032 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')