Tikket1

Name of the Vulnerable Software and Affected Versions Hi.Events versions 0.8.0-beta.1 through 1.7.1-beta Description Hi.Events is an open-source event management and ticket selling platform. Multiple repository classes pass the user-supplied `sort by` query parameter directly to Eloquent's `orderBy()` without validation, enabling SQL injection. The application uses PostgreSQL which supports stacked queries. Recommendations Update to version 1.7.1-beta or later.