CVE-2021-42235

SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*
cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*

History

13 May 2022, 17:13

Type Values Removed Values Added
References (MISC) https://github.com/osTicket/osTicket/commit/e28291022e662ffa754e170c09cade7bdadf3fd9 - (MISC) https://github.com/osTicket/osTicket/commit/e28291022e662ffa754e170c09cade7bdadf3fd9 - Patch, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8
CPE cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:*
First Time Enhancesoft osticket
Enhancesoft
CWE CWE-89

04 May 2022, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-05-04 17:15

Updated : 2022-05-13 17:13


NVD link : CVE-2021-42235

Mitre link : CVE-2021-42235


JSON object : View

Products Affected

enhancesoft

  • osticket
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')