PHP Support Tickets < 2.1 index.php Multiple Field SQL Injection
High Nessus Network Monitor Plugin ID 3328
SynopsisThe remote host is vulnerable to a SQL Injection attack.
DescriptionThe remote host is running PHP Support Tickets, a PHP help-desk application. An attacker exploiting this flaw would only need to be able to send HTTP queries to the remote application. Successful exploitation would result in the attacker being able to execute arbitrary commands on the backend database server.
SolutionUpgrade to version 2.1 or higher.