Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

PHP Support Tickets SQL Injection Vulnerability Vulnerability Scan

Vulnerability Scan Summary
Checks for SQL injection vulnerability in PHP Support Tickets

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server has a PHP application that is affected by a SQL
injection flaw.

Description :

The remote host is running PHP Support Tickets, an open-source support
ticketing system written in PHP.

The installed version of PHP Support Tickets does not validate input
to the 'username' or 'password' parameters of the 'index.php' script
before using it in a database query. A possible hacker may be able to
leverage this issue to manipulate SQL queries to, for example, bypass
authentication and gain administrative access to the affected

See also :

Solution :

Contact the vendor as reportedly there is a patch to fix the issue.

Threat Level:

High / CVSS Base Score : 7.0

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.