CVE-2018-18527
CRITICALOwnTicket 2018-05-23 - SQL Injection via showTicketId or editTicketStatusId Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2018-18527. PoCs published by Ihsan Sencan.
AI-analyzed exploit summary This exploit demonstrates SQL injection vulnerabilities in OwnTicket 1.0 via the 'showTicketId' and 'editTicketStatusId' parameters. The PoC includes URL-encoded SQL payloads that concatenate database information (e.g., user, database, version) using UNION-based injection.
Description
OwnTicket 2018-05-23 allows SQL Injection via the showTicketId or editTicketStatusId parameter.
Exploits (1)
This exploit demonstrates SQL injection vulnerabilities in OwnTicket 1.0 via the 'showTicketId' and 'editTicketStatusId' parameters. The PoC includes URL-encoded SQL payloads that concatenate database information (e.g., user, database, version) using UNION-based injection.
References (1)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H