Unknown · Wp-Support-Plus-Responsive-Ticket-System · CVE-2018-1000131
Name of the Vulnerable Software and Affected Versions:
Support Plus Responsive Ticket System versions 9.0.2 and earlier
Description:
The issue concerns a SQL Injection vulnerability in the function to get tickets. The `email` parameter in the cookie was found to be injectable, allowing for the filtering of the parameter. This attack is exploitable via a website without requiring login.
Recommendations:
For versions 9.0.2 and earlier, update to version 9.0.3 or later to resolve the issue.