osTicket, SQL Injection
# Authors: BackBox Team I. INTRODUCTION osTicket is an open-source and widespread ticketing system. One of its latest versions, i.e. v1.15.6, has been found being subject to an SQL Injection vulnerability. II. DESCRIPTION SQL Injection (CVE-2021-45811) The osTicket system allows users to submit tickets and review/update them through the main “tickets.php” page.Through the same page, […]