CVE-2021-45811

MEDIUM NUCLEI

osTicket <1.15.x - SQL Injection

Title source: llm

Description

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.

Nuclei Templates (1)

osTicket 1.15.x - SQL Injection

MEDIUMby ritikchaddha

Shodan: title:"osTicket"

FOFA: title="osticket"

References (3)

[Product] http://enhancesoft.com

[Product] http://osticket.com

[Exploit, Third Party Advisory] https://members.backbox.org/osticket-sql-injection/

Scores

CVSS v3 6.5

EPSS 0.5312

EPSS Percentile 98.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

enhancesoft/osticket 1.15 - 1.15.8

Published Sep 08, 2023

Tracked Since Feb 18, 2026