Ticketly CVE-2018-18923 Multiple SQL Injection Vulnerabilities

Bugtraq ID:	106044
Class:	Input Validation Error
CVE:	CVE-2018-18923
Remote:	Yes
Local:	No
Published:	Nov 05 2018 12:00AM
Updated:	Nov 05 2018 12:00AM
Credit:	Javier Olmedo
Vulnerable:	ABiSoft Ticketly 1.0
Not Vulnerable:

Ticketly CVE-2018-18923 Multiple SQL Injection Vulnerabilities

Ticketly is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Ticketly version 1.0 is vulnerable; other versions may also be affected.

Ticketly CVE-2018-18923 Multiple SQL Injection Vulnerabilities

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

Ticketly CVE-2018-18923 Multiple SQL Injection Vulnerabilities

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

Ticketly CVE-2018-18923 Multiple SQL Injection Vulnerabilities

References:

• AbiSoft Home Page (AbiSoft)
  
• CVE-2018-18923 Ticketly 1.0 - Multiple SQL Injections (Javier Olmedo)
  
• Ticketly Home Page (Ticketly)