CVSS: 9.8EPSS: 7%CPEs: 4EXPL: 3CVE-2009-2361 – osTicket 1.6 RC4 - Admin Login Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-2361
08 Jul 2009 — SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter. Vulnerabilidad de inyección SQL en include/class.staff.php en osTicket before v1.6 RC5 permite a atacantes remotos ejecutar comandos SQL a su elección a través del parámetro staff username. • https://www.exploit-db.com/exploits/9032 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 24%CPEs: 2EXPL: 2CVE-2005-1436
https://notcve.org/view.php?id=CVE-2005-1436
03 May 2005 — Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to header.php, (3) the em parameter to admin_login.php, (4) the e parameter to user_login.php, (5) the err parameter to open_submit.php, or (6) the name and subject fields when adding a ticket. • http://secunia.com/advisories/15216 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2005-1437
https://notcve.org/view.php?id=CVE-2005-1437
03 May 2005 — Multiple SQL injection vulnerabilities in osTicket allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to admin.php or (2) cat parameter to view.php. • http://secunia.com/advisories/15216 •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2005-1438
https://notcve.org/view.php?id=CVE-2005-1438
03 May 2005 — PHP remote file inclusion vulnerability in main.php in osTicket allows remote attackers to execute arbitrary PHP code via the include_dir parameter. • http://secunia.com/advisories/15216 •