PHP Support Tickets index.php Multiple Parameter SQL Injection

high Nessus Plugin ID 20378

Language:

Synopsis

The remote web server has a PHP application that is affected by a SQL injection flaw.

Description

The remote host is running PHP Support Tickets, an open source support ticketing system written in PHP.

The installed version of PHP Support Tickets does not validate input to the 'username' or 'password' parameters of the 'index.php' script before using it in a database query. An attacker may be able to leverage this issue to manipulate SQL queries to, for example, bypass authentication and gain administrative access to the affected application.

Solution

Contact the vendor as reportedly there is a patch to fix the issue.

Plugin Details

Severity: High

ID: 20378

File Name: phpsupporttickets_sql_injection.nasl

Version: 1.22

Type: remote

Family: CGI abuses

Published: 1/4/2006

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:triangle_solutions:php_support_tickets

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 12/10/2005

Reference Information

CVE: CVE-2005-4264

BID: 15853

Detections

Analytics