eTicket Multiple Input Validation Vulnerabilities

vendor:

eTicket

by:

SecurityFocus

7.5

CVSS

HIGH

Multiple Input Validation Vulnerabilities

20, 79, 89

CWE

Product Name: eTicket

Affected Version From: 1.5.5.2

Affected Version To: 1.5.5.2

Patch Exists: NO

Related CWE: N/A

CPE: eticket

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2007

eTicket Multiple Input Validation Vulnerabilities

eTicket is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These vulnerabilities include multiple SQL-injection issues, a cross-site scripting issue, and an authentication-bypass issue. A successful exploit could allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, or execute arbitrary script code in the browser of an unsuspecting user.

Mitigation:

Input validation should be used to ensure that untrusted data is not allowed to affect the application's control flow or the data that it manipulates.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/27173/info
   
eTicket is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. These vulnerabilities include multiple SQL-injection issues, a cross-site scripting issue, and an authentication-bypass issue.
   
A successful exploit could allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, or execute arbitrary script code in the browser of an unsuspecting user.
   
These issues affect eTicket 1.5.5.2; other versions may also be affected.

http://www.example.com/eTicket/admin.php?a=headers&msg=SQL&#039;