VYPR
Critical severity9.8OSV Advisory· Published Sep 12, 2017· Updated Jun 17, 2026

CVE-2017-14396

CVE-2017-14396

Description

In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Osticket/OsticketOSV3 versions
    v1.10-dpr, v1.8-dpr, v1.8.0, …+ 2 more
    • (no CPE)range: v1.10-dpr, v1.8-dpr, v1.8.0, …
    • cpe:2.3:a:osticket:osticket:1.10:*:*:*:*:*:*:*
    • (no CPE)range: <1.10.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.