CVE-2010-0605

osTicket < 1.6 - Authenticated SQL Injection via scp/ajax.php Input Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0605. PoCs published by Nahuel Grisolia.

AI-analyzed exploit summary The exploit demonstrates SQL injection and reflected XSS vulnerabilities in osTicket 1.6 RC5. The SQLi PoC extracts credentials from the database and writes a PHP file to the server, while the XSS PoC executes arbitrary JavaScript.

Description

SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Nahuel Grisolia · textwebappsphp
https://www.exploit-db.com/exploits/11380

The exploit demonstrates SQL injection and reflected XSS vulnerabilities in osTicket 1.6 RC5. The SQLi PoC extracts credentials from the database and writes a PHP file to the server, while the XSS PoC executes arbitrary JavaScript.

Classification
Working Poc 100%
Attack Type
Sqli | Xss
Complexity
Trivial
Reliability
Reliable
Target: osTicket 1.6 RC5
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/11380
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/38166
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38515

Scores

EPSS 0.0305
EPSS Percentile 85.8%

Details

CWE
CWE-89
Status published
Products (5)
osticket/osticket 1
osticket/osticket 1.2.7
osticket/osticket 1.3.0
osticket/osticket 1.6 rc1 (4 CPE variants)
osticket/osticket < 1.6
Published Feb 11, 2010
Tracked Since Feb 18, 2026