SQL injection vulnerability in search.php in PHP Ticket 0.71 allows remote authenticated users to execute arbitrary SQL commands and obtain usernames and passwords via the frm_search_in parameter.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Php_ticket | Php_ticket | 0.6 | 0.6 |
Php_ticket | Php_ticket | * | 0.71 |
Php_ticket | Php_ticket | 0.5 | 0.5 |