Advisory

Product:- PHP SUPPORT TICKETS version 2.1 and earlier

Vulnerability:-Sql Injection

CRITICALITY:
critical

IMPACT:
Manipulation of data

WHERE:
From remote

SOFTWARE:
"Manage customer queries with this one stop solution for online customer relations.PHP Support Tickets is written in PHP5 and utilises a MySQL database both are required on your web.The administration section is secured through a username and password. The default entry is administrator / password. You may change this once you have logged in.
You may have unlimited Moderators / Admins assigned to take care of incoming tickets. These are all entered through an intuitive user admin page.Admins are allowed to view all tickets and perform all admin tasks, moderators can see the tickets assigned to their department only.Manageable departments allow you to edit / delete / add new departments at will.".

DESCRIPTION:
The Vulnerability can be exploited by malicious people to conduct SQL injection attacks.The input passed to the "username" and "password" field and in the "id" parameter in the "index.php" is not properly filtered which allows the attacker to run arbitary sql query. There may be other parameters as well where the input is not filtered.

Proof of concept:-
** The proof of concept cannot be released until vendor is ready with the patch***

SOLUTION:
Awaiting response from the vendor

Original Advisory: Here at http://axcesdenied.blogspot.com

Credit: $um$id
Aka
Access Denied