Vulnerability Description
Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eticket | Eticket | 1.5.5.2 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/28331Vendor Advisory
- http://securityreason.com/securityalert/3542
- http://www.securityfocus.com/archive/1/485835/100/0/threaded
- http://www.securityfocus.com/bid/27173Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39487
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39489
- http://secunia.com/advisories/28331Vendor Advisory
- http://securityreason.com/securityalert/3542
- http://www.securityfocus.com/archive/1/485835/100/0/threaded
- http://www.securityfocus.com/bid/27173Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39487
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39489
FAQ
What is CVE-2008-0267?
CVE-2008-0267 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and all...
How severe is CVE-2008-0267?
CVE-2008-0267 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0267?
Check the references section above for vendor advisories and patch information. Affected products include: Eticket Eticket.