CVE-2008-0267

Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php.
SQL Injection
Severity
UNKNOWN
AV:N/AC:L/Au:N/C:P/I:P/A:P
Atk. Vector
NETWORK
Atk. Complexity
LOW