Security Assessment Software - PCI DSS, Firewall Rulebase Analysis, AuditPro, Firesec, Security Assessment and Audit Software for all versions of Operating Systems, Databases, Routers, Switches, Windows, Unix, Linux, Oracle, MS SQL, IBM DB2, Cisco PIX, Cyberguard, Netscreen, Checkpoint Firewalls, GFI Languard, in India, Mumbai, Hyderabad, Delhi, Bangalore, Chennai, Kolkatta, UAE, Dubai, Kuwait, Bahrain, Qatar, Saudi Arabia, Malaysia, Singapore, Thailand, Far East, USA, Europe, North America.

Advisory Listing

SQL Injections

PHPSupportTickets SQL Injection Vulnerability
Security Advisories \| SQL Injection \| PHPSupportTickets SQL Injection Vulnerability Vendor: PHPSupportTickets Version Affected: Discovered in version 2.0, other version may also be vulnerable Type: Remote Admin Login SQL Injection Severity: Highly Critical Date released: 9th December 2005 CVE ID: CVE-2005-4264
Overview
The administrative interface to the software has a login screen, which can be bypassed using SQL injection.
About PHPSupportTickets
PHPSupportTickets is used to manage customer queries for online customer relations. PHP Support Tickets is written in PHP5 and utilizes a MySQL database both of which are required on your server. The administration section is secured through a username and password.
I. Description
The vulnerability can be exploited using SQL injection attacks. The input passed to the "username" and "password" field and in the "id" parameter in the "index.php" is not properly filtered which allows the attacker to run arbitrary SQL queries. The authorization for the administrator can also be bypassed using this vulnerability. Thus any user can directly log on to the administration section.
II. Impact
Administrator access can be gained and arbitrary SQL queries can be executed.
III. Solution
Edit the source code to ensure that the input is properly sanitized.
Vendor's Response
The vendor has released a patch.