CVE-2008-0267 Information

Description

Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status (2) sort and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php.

Reference

http://secunia.com/advisories/28331 http://securityreason.com/securityalert/3542 http://www.securityfocus.com/archive/1/485835/100/0/threaded http://www.securityfocus.com/bid/27173 https://exchange.xforce.ibmcloud.com/vulnerabilities/39487 https://exchange.xforce.ibmcloud.com/vulnerabilities/39489