CVE-2018-18923

CRITICAL

Abisoftgt Ticketly - SQL Injection

Title source: rule

Description

AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters name, category_id and description in action/addproject.php; kind_id, priority_id, project_id, status_id and title in action/addticket.php; and kind_id and status_id in reports.php.

Exploits (1)

exploitdb WORKING POC
by Javier Olmedo · textwebappsphp
https://www.exploit-db.com/exploits/45902

References (2)

Scores

CVSS v3 9.8
EPSS 0.0267
EPSS Percentile 85.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
abisoftgt/ticketly 1.0
Published Dec 13, 2018
Tracked Since Feb 18, 2026