CVE-2017-14396

NONE EPSS 85.3%
Published Sep 12, 20178y ago · Modified Jun 17, 20262w ago
Find Similar
Published Sep 12, 2017 8y ago
Last Modified Jun 17, 2026 2w ago

Description

In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.

Threat Intelligence

EPSS Exploit Probability
85.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-89 SQL Injection Injection

Affected Products 1

VendorProductVersionRange
osticketosticket1.10any

References 1

  • osticket.com http://www.osticket.com/blog/125
    PatchVendor Advisory

Remediation

  • osticket.com http://www.osticket.com/blog/125
    PatchVendor Advisory