CVE-2021-45811 Information

Description

A SQL injection vulnerability in the \Search\ functionality of ickets.php\ page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the \keywords\ and opic_id\ URL parameters combination.

Reference

http://enhancesoft.com https://members.backbox.org/osticket-sql-injection/ http://osticket.com