CVE-2017-14396
NONE EPSS 85.3%
Published Sep 12, 20178y ago · Modified Jun 17, 20262w ago
Published Sep 12, 2017 8y ago
Last Modified Jun 17, 2026 2w ago
Description
In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.
Threat Intelligence
EPSS Exploit Probability
85.3% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-89 SQL Injection Injection
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| osticket | osticket | 1.10 | any |
References 1
- osticket.com http://www.osticket.com/blog/125
Remediation
- osticket.com http://www.osticket.com/blog/125