Vulnerabilities > CVE-2006-1481 - SQL Injection vulnerability in PHP Ticket PHP Ticket 0.5/0.6

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
php-ticket
exploit available

Summary

SQL injection vulnerability in search.php in PHP Ticket 0.71 allows remote authenticated users to execute arbitrary SQL commands and obtain usernames and passwords via the frm_search_in parameter.

Vulnerable Configurations

Part Description Count
Application
Php_Ticket
3

Exploit-Db

descriptionPHP Ticket <= 0.71 (search.php) Remote SQL Injection Exploit. CVE-2006-1481. Webapps exploit for php platform
fileexploits/php/webapps/1609.pl
idEDB-ID:1609
last seen2016-01-31
modified2006-03-25
platformphp
port
published2006-03-25
reporterundefined1_
sourcehttps://www.exploit-db.com/download/1609/
titlePHP Ticket <= 0.71 search.php Remote SQL Injection Exploit
typewebapps