Lucene search
MitreCVE-2021-45811HistorySep 08, 2023 - 2:15 a.m.
CVE-2021-45811
2023-09-0802:15:07
CWE-89
mitre
web.nvd.nist.gov
27
sql injection
search functionality
tickets.php
osticket 1.15.x
nvd
cve-2021-45811
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
7
Confidence
High
EPSS
0.001
Percentile
44.2%
A SQL injection vulnerability in the “Search” functionality of “tickets.php” page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the “keywords” and “topic_id” URL parameters combination.
Affected configurations
Node
enhancesoftosticketRange1.15–1.15.8
| Vendor | Product | Version | CPE |
|---|---|---|---|
| enhancesoft | osticket | * | cpe:2.3:a:enhancesoft:osticket:*:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2021-45811
2023-09-08 02:15:07
prion
prion
Sql injection
2023-09-08 02:15:00
cvelist
cvelist
CVE-2021-45811
2023-09-08 00:00:00
osv
osv
CVE-2021-45811
2023-09-08 02:15:07
vulnrichment
vulnrichment
CVE-2021-45811
2023-09-08 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
7
Confidence
High
EPSS
0.001
Percentile
44.2%
Related for CVE-2021-45811