FreeTicket: SQL Injection Vulnerability

Users of FreeTicket please be advised of a SQL injection vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

EV0146: [EV0146] SQL injections in FreeTicket
Software: FreeTicket
Type: SQL injection
——–Description——–
1. ‘id’ SQL injection
Vulnerability found in contact.php script.
User-defined variable id is not properly sanitized before being used in SQL query.
This can be used to execute arbitrary SQL query.

2. ’email’ SQL injection
Vulnerable script is contact.php script.
’email’ parameter is not properly sanitized before being used in SQL query.

Read more at http://www.criticalwatch.com

 

Advertisements