Vulnerabilities > Eticket > Eticket > 1.5.5.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-01-15 | CVE-2008-0268 | Cross-Site Scripting vulnerability in Eticket 1.5.5.2 Cross-site scripting (XSS) vulnerability in view.php in eTicket 1.5.5.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter. | 4.3 |
2008-01-15 | CVE-2008-0267 | SQL Injection vulnerability in Eticket 1.5.5.2 Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php. | 7.5 |
2008-01-15 | CVE-2008-0266 | Cross-Site Request Forgery (CSRF) vulnerability in Eticket 1.5.5.2 Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. | 2.6 |
2008-01-08 | CVE-2008-0093 | Cross-Site Scripting vulnerability in Eticket 1.5.5.2/1.5.6Rc2/1.5.6Rc3 Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in eTicket 1.5.5.2, and 1.5.6 RC2 and RC3, allow remote attackers to inject arbitrary web script or HTML via the (1) Name and (2) Subject parameters. | 4.3 |