osTicket contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the include/class.faq.php script not properly sanitizing user-supplied input to the 'ids' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Vendor Status:
Currently, We are not aware of any updates from then vendor
Disclosure Timeline:
Disclosure Date :2013-01-01
Exploit Publish Date :2013-01-02