vendor:
Ticketly
by:
Javier Olmedo
5.5
CVSS
MEDIUM
SQL Injection
89
CWE
Product Name: Ticketly
Affected Version From: 1
Affected Version To: 1
Patch Exists: No
Related CWE:
CPE: a:abisoft:ticketly:1.0
Platforms Tested: Windows, Ubuntu
2018
Ticketly 1.0 – ‘name’ SQL Injection
Ticketly 1.0 is affected by SQL Injection in multiple parameters and resources through POST. This allows an attacker to read and modify sensitive information from the database used by the application.
Mitigation:
To mitigate this vulnerability, the vendor should sanitize and validate user inputs to prevent SQL Injection attacks.