Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2009-2361
Last Modified 22 Jul 2009 03:11:35
Published 08 Jul 2009 11:30:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-2361

Summary

SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter.

Vulnerable Systems

Application

  • osTicket 1.6


References

XF - osticket-username-sql-injection(51417)

VUPEN - ADV-2009-1726

SECTRACK - 1022480

BID - 35516

BUGTRAQ - 20090627 osTicket v1.6 RC4 Admin Login Blind SQLi

OSVDB - 55472

MISC - http://www.ngenuity.org/wordpress/2009/06/26/osticket-admin-login-blind-sql-injection/

SECUNIA - 35629

CONFIRM - http://osticket.com/forums/project.php?issueid=118


Last Updated: 27 May 2016 10:50:52