CVE-2009-2361

SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter.

Date published : 2009-07-08

http://www.securityfocus.com/bid/35516

http://www.securityfocus.com/archive/1/504615/100/0/threaded