Security Advisories | SQL Injection | PHPSupportTickets SQL Injection Vulnerability

Vendor: PHPSupportTickets
Version Affected: Discovered in version 2.0, other version may also be vulnerable
Type: Remote Admin Login SQL Injection
Severity: Highly Critical
Date released: 9th December 2005
CVE ID: CVE-2005-4264

Overview
The administrative interface to the software has a login screen, which can be bypassed using SQL injection.

About PHPSupportTickets
PHPSupportTickets is used to manage customer queries for online customer relations. PHP Support Tickets is written in PHP5 and utilizes a MySQL database both of which are required on your server. The administration section is secured through a username and password.

I. Description
The vulnerability can be exploited using SQL injection attacks. The input passed to the "username" and "password" field and in the "id" parameter in the "index.php" is not properly filtered which allows the attacker to run arbitrary SQL queries. The authorization for the administrator can also be bypassed using this vulnerability. Thus any user can directly log on to the administration section.

II. Impact
Administrator access can be gained and arbitrary SQL queries can be executed.

III. Solution
Edit the source code to ensure that the input is properly sanitized.

Vendor's Response
The vendor has released a patch.



Advisory Listing

SQL Injections

Buffer Overflows

Information Disclosure, Path Disclosure

Denial of Service

User Enumeration

Password Disclosure

Network Intelligence (I) Pvt. Ltd. © 2004 | Copyright | Disclaimer
info@niiconsulting.com