PT-2018-14723 · Abisoft · Abisoft Ticketly

Javier Olmedo · Published 2018-12-13 · Updated 2019-01-02 · CVE-2018-18923

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: AbiSoft Ticketly version 1.0

Description: AbiSoft Ticketly is affected by multiple SQL injection vulnerabilities. They are found in the parameters name, category id, and description of the "action/addproject.php" endpoint; kind id, priority id, project id, status id, and title of the "action/addticket.php" endpoint; and kind id and status id of the "reports.php" endpoint.

Recommendations: For AbiSoft Ticketly version 1.0, as a temporary workaround, restrict access to the vulnerable endpoints "action/addproject.php", "action/addticket.php", and "reports.php" to reduce the risk of exploitation, and avoid using the parameters name, category id, description, kind id, priority id, project id, status id, and title in those endpoints until the issue is resolved. At the time of writing there is no information about a newer version that contains a fix for this vulnerability.
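As an added defensive example, not part of this advisory or of Ticketly itself: a small Python triage script that scans constructed web-server access-log lines for requests to the three endpoints named above and flags the listed parameters when their values contain SQL metacharacters. It assumes the application's real parameter names are the advisory's wording with spaces as underscores (e.g. kind_id), which is why names are normalised before comparison, and it only sees query-string values, since POST bodies are absent from standard access logs.

```python
import re
from urllib.parse import parse_qs, urlsplit
# Endpoints/parameters named in the advisory (CVE-2018-18923), in its wording;
# _norm() strips spaces/underscores so "kind id" also matches a real "kind_id".
WATCHED = {
    "/action/addproject.php": {"name", "category id", "description"},
    "/action/addticket.php": {"kind id", "priority id", "project id", "status id", "title"},
    "/reports.php": {"kind id", "status id"},
}
# Coarse SQLi indicators for triage (quote, comment openers, UNION/SELECT, tautology); a hint, not a WAF rule.
SQLI_RE = re.compile(r"'|--|/\*|\bunion\b|\bselect\b|\bor\b\s+\d+\s*=\s*\d+", re.I)
# Common access-log format: client, timestamp, request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def _norm(name):
    return re.sub(r"[^a-z0-9]", "", name.lower())

def watched_params(path):
    """Normalised parameter names to inspect for this path, or None if unwatched."""
    for endpoint, params in WATCHED.items():
        if path.endswith(endpoint):  # the app may be installed under a URL prefix
            return {_norm(p) for p in params}
    return None

def scan_line(line):
    """Return a finding dict when a watched parameter carries SQLi-like input."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    params = watched_params(url.path)
    if params is None:
        return None
    # Only query-string values are visible here: POST bodies never reach a
    # standard access log and need application-level logging instead.
    hits = [(k, v) for k, vals in parse_qs(url.query, keep_blank_values=True).items()
            if _norm(k) in params for v in vals if SQLI_RE.search(v)]
    return {"ip": m["ip"], "ts": m["ts"], "path": url.path, "hits": hits} if hits else None

def scan(lines):
    return [r for r in map(scan_line, lines) if r]

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [13/Dec/2018:10:00:01 +0000] "GET /reports.php?kind_id=1&status_id=2 HTTP/1.1" 200 512',
    '10.0.0.9 - - [13/Dec/2018:10:00:07 +0000] "GET /reports.php?kind_id=1%27%20OR%201%3D1--&status_id=2 HTTP/1.1" 200 9031',
    '10.0.0.9 - - [13/Dec/2018:10:00:09 +0000] "GET /action/addticket.php?title=Hello%20world&project_id=3 HTTP/1.1" 302 0',
    '10.0.0.9 - - [13/Dec/2018:10:00:12 +0000] "GET /index.php?q=%27 HTTP/1.1" 200 100',
]
```

Running scan(SAMPLE_LOG) flags only the second line; the probe against the unlisted index.php is ignored on purpose, so widen WATCHED if you want a site-wide sweep.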

Exploit

SQL injection


Weakness Enumeration

Related Identifiers: CVE-2018-18923

Affected Products: Abisoft Ticketly