Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote attackers to execute arbitrary SQL commands via the pri parameter to (1) index.php, (2) open.php, (3) open_raw.php, and (4) newticket.php.
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
| Link | Tags |
|---|---|
| http://www.digitrustgroup.com/advisories/web-application-security-eticket2.html | exploit |
| http://secunia.com/advisories/30877 | third party advisory vendor advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43398 | vdb entry |
| http://www.eticketsupport.com/announcements/170_is_in_the_building-t91.0.html | vendor advisory |
| http://www.securitytracker.com/id?1020379 | vdb entry |
| http://www.securityfocus.com/bid/29973 | vdb entry |