Infoticketing SQL Injection Vulnerability Allowing Unauthenticated Database Manipulation

Vulnerability

A SQL injection vulnerability has been identified in Infoticketing, a ticket management system. It allows an unauthenticated attacker to retrieve, create, update, and delete data in the database. The flaw is in the 'cartApplyDiscount.php' component, where the 'code' parameter of a POST request is exploitable.

Impact

Exploitation of this vulnerability could lead to unauthorized access and manipulation of the application's database, allowing attackers to retrieve, modify, or delete data at will.

Remediation

The Infoticketing team has fixed this vulnerability in the latest version.
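
For teams auditing similar discount-code handlers, the following added example (not Infoticketing source code, and not the vendor's actual fix) contrasts the string-concatenation pattern behind this class of bug with an allow-listed, parameterized lookup. The `discounts` table, its columns, and both function names are hypothetical.

```php
<?php
// Added illustration; table, column and function names are hypothetical.
declare(strict_types=1);

// Constructed in-memory database so the example runs offline (needs pdo_sqlite, PHP 8+).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$pdo->exec('CREATE TABLE discounts (code TEXT PRIMARY KEY, percent INTEGER)');
$pdo->exec("INSERT INTO discounts VALUES ('SPRING10', 10)");

// Pattern to avoid: the request value becomes part of the SQL text,
// so the database parses whatever the client sent as SQL.
function lookupDiscountUnsafe(PDO $pdo, string $code): ?int
{
    $row = $pdo->query("SELECT percent FROM discounts WHERE code = '$code'")->fetch();
    return $row ? (int) $row['percent'] : null;
}

// Hardened form: validate the expected shape, then bind the value as data.
function lookupDiscount(PDO $pdo, mixed $code): ?int
{
    // Reject non-strings (e.g. code[]=x arrays) and anything outside the allow-list.
    if (!is_string($code) || !preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $code)) {
        return null;
    }
    // The placeholder keeps the SQL text fixed; the value never reaches the parser.
    $stmt = $pdo->prepare('SELECT percent FROM discounts WHERE code = :code');
    $stmt->execute([':code' => $code]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? (int) $row['percent'] : null;
}

// Constructed inputs standing in for $_POST['code']: a valid code,
// a value containing a quote character, and an array-typed parameter.
foreach (['SPRING10', "SPRING10'", ['SPRING10']] as $input) {
    var_dump(lookupDiscount($pdo, $input));
}
```

The allow-list is defence in depth; the bound parameter is what removes the injection, and it should be applied to every query that touches request data, not only this one.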

Added: Feb 23, 2026, 10:18 AM
Updated: Feb 23, 2026, 6:31 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 7.4
remediation: 0.0
relevance: 3.1
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.