CVE-2024-7446

MEDIUM Year: 2024
CVSS v3 Score
7.2
High
CVSS v2 Score
5.8
Medium
Weakness Type
CWE-89
View all →

Vulnerability Description

A vulnerability, which was classified as critical, was found in itsourcecode Ticket Reservation System 1.0. This affects an unknown part of the file list_tickets.php. The manipulation of the argument prefSeat_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273531.

Related Vulnerabilities

CVE-2006-5738

HIGH
CVSS:7.2(High)

Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.

CWE-892006

CVE-2014-6045

HIGH
CVSS:7.2(High)

SQL injection vulnerability in phpMyFAQ before 2.8.13 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via vectors involving the restore function.

CWE-892014

CVE-2015-10091

HIGH
CVSS:7.2(High)

A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. This vulnerability affects the function StringSearch of the file admin/systempreferences.pl. The manip...

CWE-892015

CVE-2015-2062

HIGH
CVSS:7.2(High)

Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide paramete...

CWE-892015

CVE-2015-5533

HIGH
CVSS:7.2(High)

SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_...

CWE-892015

CVE-2015-5591

HIGH
CVSS:7.2(High)

SQL injection vulnerability in Zenphoto before 1.4.9 allow remote administrators to execute arbitrary SQL commands.

CWE-892015