CVE-2008-0267

high

Description

Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/39489

https://exchange.xforce.ibmcloud.com/vulnerabilities/39487

http://www.securityfocus.com/archive/1/485835/100/0/threaded

http://securityreason.com/securityalert/3542

http://secunia.com/advisories/28331

Details

Source: Mitre, NVD

Published: 2008-01-15

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.01892