1.10

DATE	CVE	VULNERABILITY TITLE	RISK
2017-09-12	CVE-2017-14396	SQL Injection vulnerability in Osticket 1.10 In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php. network low complexity osticket CWE-89	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.