SQL Injection Vulnerability in osTicket Login and Password Reset Process

SQL Injection Vulnerability in osTicket Login and Password Reset Process

CVE-2021-42235 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality.

Learn more about our Web Application Penetration Testing UK.