CVE-2009-2361

SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
enhancesoftosticket
𝑥
≤ 1.6
enhancesoftosticket
1.6:rc1
enhancesoftosticket
1.6:rc2
enhancesoftosticket
1.6:rc3
𝑥
= Vulnerable software versions