CVE-2018-18923 Information

Description

AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters name category_id and description in action/addproject.php; kind_id priority_id project_id status_id and title in action/addticket.php; and kind_id and status_id in reports.php.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://hackpuntes.com/cve-2018-18923-ticketly-1-0-multiples-sql-injections/ https://www.exploit-db.com/exploits/45902/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8