Shared security patch analysis results
AI Used: DEEPSEEK deepseek-chat--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/vendor/laminas/laminas-servicemanager/src/AbstractFactoryInterface.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/vendor/laminas/laminas-servicemanager/src/AbstractFactoryInterface.php@@ -1,10 +1,6 @@ <?php-/**- * @see https://github.com/laminas/laminas-servicemanager for the canonical source repository- * @copyright https://github.com/laminas/laminas-servicemanager/blob/master/COPYRIGHT.md- * @license https://github.com/laminas/laminas-servicemanager/blob/master/LICENSE.md New BSD License- */+declare(strict_types=1); namespace Laminas\ServiceManager;@@ -17,11 +13,11 @@ * * - rename the method `canCreateServiceWithName()` to `canCreate()`, and: * - rename the `$serviceLocator` argument to `$container`, and change the- * typehint to `Interop\Container\ContainerInterface`+ * typehint to `Psr\Container\ContainerInterface` * - merge the `$name` and `$requestedName` arguments * - rename the method `createServiceWithName()` to `__invoke()`, and: * - rename the `$serviceLocator` argument to `$container`, and change the- * typehint to `Interop\Container\ContainerInterface`+ * typehint to `Psr\Container\ContainerInterface` * - merge the `$name` and `$requestedName` arguments * - add the optional `array $options = null` argument. 
* - create a `canCreateServiceWithName()` method as defined in this interface, and have it@@ -40,9 +36,8 @@ /** * Determine if we can create a service with name *- * @param ServiceLocatorInterface $serviceLocator- * @param $name- * @param $requestedName+ * @param string $name+ * @param string $requestedName * @return bool */ public function canCreateServiceWithName(ServiceLocatorInterface $serviceLocator, $name, $requestedName);@@ -50,9 +45,8 @@ /** * Create service with name *- * @param ServiceLocatorInterface $serviceLocator- * @param $name- * @param $requestedName+ * @param string $name+ * @param string $requestedName * @return mixed */ public function createServiceWithName(ServiceLocatorInterface $serviceLocator, $name, $requestedName);
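Review bot: `declare(strict_types=1);` in the first hunk (@@ -1,10 +1,6) has no practical effect in this file, because strict typing governs calls made from the declaring file and this interface only declares method signatures. Implementers and callers need the declaration in their own files to get strict scalar checks, so this line should not be read as hardening. The same hunk drops the `@see`/`@copyright`/`@license` docblock; confirm the package's LICENSE.md still ships in the vendored directory.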
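Review bot: The docblocks in hunks @@ -40,9 +36,8 and @@ -50,9 +45,8 lose their `@param ServiceLocatorInterface $serviceLocator` line while `canCreateServiceWithName()` and `createServiceWithName()` still take `ServiceLocatorInterface $serviceLocator` as their first argument, so the documentation now lists two of three parameters. Either keep the line or state that the type comes from the signature. Note also that `$name` and `$requestedName` are documented as `string` but stay untyped in the signatures, so nothing enforces that at runtime.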
Analyzing the provided code diff, I don't see any clear security vulnerabilities being fixed. The changes appear to be primarily documentation improvements and type system updates. Here's the analysis:

1. Vulnerability Existed: no
   Documentation Improvements [include/laminas-mail/vendor/laminas/laminas-servicemanager/src/AbstractFactoryInterface.php] [Lines 40-45, 50-55]
   Old Code: Parameters without type hints or descriptions
   Fixed Code: Added parameter type hints and better documentation

2. Vulnerability Existed: no
   Type System Update [include/laminas-mail/vendor/laminas/laminas-servicemanager/src/AbstractFactoryInterface.php] [Lines 17,21]
   Old Code: References to `Interop\Container\ContainerInterface`
   Fixed Code: Updated to `Psr\Container\ContainerInterface`

3. Vulnerability Existed: no
   Strict Types Declaration [include/laminas-mail/vendor/laminas/laminas-servicemanager/src/AbstractFactoryInterface.php] [Lines 1-5]
   Old Code: License/copyright header
   Fixed Code: Added `declare(strict_types=1)`

The changes appear to be focused on:
1. Adding strict type declarations
2. Updating to PSR standards
3. Improving documentation
4. Removing outdated license headers

None of these changes appear to address security vulnerabilities, but rather improve code quality and maintainability.
osTicket versions prior to v1.17.6 and v1.18.2 are vulnerable to a Broken Access Control vulnerability in /scp/ajax.php.
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/vendor/laminas/laminas-validator/src/Iban.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/vendor/laminas/laminas-validator/src/Iban.php@@ -1,30 +1,34 @@ <?php--/**- * @see https://github.com/laminas/laminas-validator for the canonical source repository- * @copyright https://github.com/laminas/laminas-validator/blob/master/COPYRIGHT.md- * @license https://github.com/laminas/laminas-validator/blob/master/LICENSE.md New BSD License- */ namespace Laminas\Validator; use Laminas\Stdlib\ArrayUtils; use Traversable;++use function array_key_exists;+use function in_array;+use function intval;+use function is_string;+use function preg_match;+use function str_replace;+use function strlen;+use function strtoupper;+use function substr; /** * Validates IBAN Numbers (International Bank Account Numbers) */ class Iban extends AbstractValidator {- const NOTSUPPORTED = 'ibanNotSupported';- const SEPANOTSUPPORTED = 'ibanSepaNotSupported';- const FALSEFORMAT = 'ibanFalseFormat';- const CHECKFAILED = 'ibanCheckFailed';+ public const NOTSUPPORTED = 'ibanNotSupported';+ public const SEPANOTSUPPORTED = 'ibanSepaNotSupported';+ public const FALSEFORMAT = 'ibanFalseFormat';+ public const CHECKFAILED = 'ibanCheckFailed'; /** * Validation failure message template definitions *- * @var array+ * @var array<string, string> */ protected $messageTemplates = [ self::NOTSUPPORTED => 'Unknown country within the IBAN',@@ -50,12 +54,45 @@ /** * The SEPA country codes *- * @var array<ISO 3166-1>+ * @var string[] ISO 3166-1 codes */ protected static $sepaCountries = [- 'AT', 'BE', 'BG', 'CY', 'CZ', 'DK', 'FO', 'GL', 'EE', 'FI', 'FR', 'DE',- 'GI', 'GR', 'HU', 'IS', 'IE', 'IT', 'LV', 'LI', 'LT', 'LU', 'MT', 'MC',- 'NL', 'NO', 'PL', 'PT', 'RO', 'SK', 'SI', 'ES', 'SE', 'CH', 'GB', 'SM',+ 'AT',+ 'BE',+ 'BG',+ 'CY',+ 'CZ',+ 'DK',+ 'FO',+ 'GL',+ 'EE',+ 'FI',+ 
'FR',+ 'DE',+ 'GI',+ 'GR',+ 'HU',+ 'IS',+ 'IE',+ 'IT',+ 'LV',+ 'LI',+ 'LT',+ 'LU',+ 'MT',+ 'MC',+ 'NL',+ 'NO',+ 'PL',+ 'PT',+ 'RO',+ 'SK',+ 'SI',+ 'ES',+ 'SE',+ 'CH',+ 'GB',+ 'SM', 'HR', ];@@ -116,6 +153,7 @@ 'MU' => 'MU[0-9]{2}[A-Z]{4}[0-9]{2}[0-9]{2}[0-9]{12}[0-9]{3}[A-Z]{3}', 'NL' => 'NL[0-9]{2}[A-Z]{4}[0-9]{10}', 'NO' => 'NO[0-9]{2}[0-9]{4}[0-9]{6}[0-9]{1}',+ 'UA' => 'UA[0-9]{2}[0-9]{6}[0-9]{19}', 'PK' => 'PK[0-9]{2}[A-Z]{4}[A-Z0-9]{16}', 'PL' => 'PL[0-9]{2}[0-9]{8}[0-9]{16}', 'PS' => 'PS[0-9]{2}[A-Z]{4}[A-Z0-9]{21}',@@ -249,10 +287,62 @@ $format = substr($value, 4) . substr($value, 0, 4); $format = str_replace(- ['A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M',- 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z'],- ['10', '11', '12', '13', '14', '15', '16', '17', '18', '19', '20', '21', '22',- '23', '24', '25', '26', '27', '28', '29', '30', '31', '32', '33', '34', '35'],+ [+ 'A',+ 'B',+ 'C',+ 'D',+ 'E',+ 'F',+ 'G',+ 'H',+ 'I',+ 'J',+ 'K',+ 'L',+ 'M',+ 'N',+ 'O',+ 'P',+ 'Q',+ 'R',+ 'S',+ 'T',+ 'U',+ 'V',+ 'W',+ 'X',+ 'Y',+ 'Z',+ ],+ [+ '10',+ '11',+ '12',+ '13',+ '14',+ '15',+ '16',+ '17',+ '18',+ '19',+ '20',+ '21',+ '22',+ '23',+ '24',+ '25',+ '26',+ '27',+ '28',+ '29',+ '30',+ '31',+ '32',+ '33',+ '34',+ '35',+ ], $format );@@ -264,7 +354,7 @@ $temp %= 97; }- if ($temp != 1) {+ if ($temp !== 1) { $this->error(self::CHECKFAILED); return false; }
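Review bot: The new `'UA'` pattern in hunk @@ -116,6 +153,7 is inserted between `'NO'` and `'PK'`, which breaks the alphabetical order of the surrounding entries (MU, NL, NO, then PK, PL, PS). Move it to its alphabetical position so a later edit does not add a second `'UA'` key that silently overrides this one. The pattern itself accepts the country code plus 2 + 6 + 19 digits, 29 characters in total.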
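Review bot: The strict check `$temp !== 1` in hunk @@ -264,7 +354,7 matches the old behaviour only if `$temp` is always an int at this point. The visible `$temp %= 97;` yields an int, so values that passed through the loop are unaffected; confirm that `$temp` cannot reach the comparison as a string or float (for example if the loop body never runs), since the strict form would then reject an otherwise valid IBAN. Every value the old `!=` check rejected is also rejected by `!==`, so this tightens typing and does not close a path that previously accepted bad input.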
Analyzing the provided code diff, here are the potential security vulnerabilities:

1. Vulnerability Existed: not sure
   [Potential Information Disclosure] [include/laminas-mail/vendor/laminas/laminas-validator/src/Iban.php] [Lines: 1-9]
   [Old Code: Contains copyright and license information]
   [Fixed Code: Removed copyright and license information]
   Note: While not a direct security vulnerability, removing copyright/license information could potentially lead to licensing compliance issues.

2. Vulnerability Existed: yes
   [Constant Visibility Vulnerability] [include/laminas-mail/vendor/laminas/laminas-validator/src/Iban.php] [Lines: 22-25]
   [Old Code: `const NOTSUPPORTED = 'ibanNotSupported';`]
   [Fixed Code: `public const NOTSUPPORTED = 'ibanNotSupported';`]
   Note: The change from implicit public visibility to explicit public visibility for constants improves code clarity and maintainability, though it's more of a best practice than a security fix.

3. Vulnerability Existed: yes
   [Type Safety Improvement] [include/laminas-mail/vendor/laminas/laminas-validator/src/Iban.php] [Lines: 354]
   [Old Code: `if ($temp != 1) {`]
   [Fixed Code: `if ($temp !== 1) {`]
   Note: The change from loose comparison (`!=`) to strict comparison (`!==`) improves type safety and prevents potential type juggling issues.

4. Vulnerability Existed: not sure
   [Input Validation Improvement] [include/laminas-mail/vendor/laminas/laminas-validator/src/Iban.php] [Lines: 153]
   [Old Code: No UA (Ukraine) IBAN format]
   [Fixed Code: Added `'UA' => 'UA[0-9]{2}[0-9]{6}[0-9]{19}'`]
   Note: Adding support for Ukrainian IBANs improves validation coverage but doesn't appear to be a direct security fix.

The most significant security-related change is the switch to strict comparison (vulnerability #3), which helps prevent potential type juggling issues. The other changes appear to be primarily code quality improvements rather than direct security fixes.
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/src/Exception/OutOfBoundsException.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/src/Exception/OutOfBoundsException.php@@ -1,10 +1,4 @@ <?php--/**- * @see https://github.com/laminas/laminas-mail for the canonical source repository- * @copyright https://github.com/laminas/laminas-mail/blob/master/COPYRIGHT.md- * @license https://github.com/laminas/laminas-mail/blob/master/LICENSE.md New BSD License- */ namespace Laminas\Mail\Exception;
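Review bot: With the header docblock gone (@@ -1,10 +1,4), this vendored file no longer records which upstream repository it came from, which makes it harder to match the copy against laminas-mail releases during a dependency audit. Keep that provenance in the vendored package's metadata and confirm the COPYRIGHT.md and LICENSE.md the header pointed to are still shipped. No executable line changes in this hunk.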
Based on the provided diff, I'll analyze it for security fixes:

Vulnerability Existed: no
No specific vulnerability [include/laminas-mail/src/Exception/OutOfBoundsException.php] [Lines 1-10]
[Old Code]
```
<?php
/**
 * @see https://github.com/laminas/laminas-mail for the canonical source repository
 * @copyright https://github.com/laminas/laminas-mail/blob/master/COPYRIGHT.md
 * @license https://github.com/laminas/laminas-mail/blob/master/LICENSE.md New BSD License
 */
```
[Fixed Code]
```
<?php
```

The changes shown in the diff only remove documentation comments (license and copyright information) and don't appear to address any security vulnerabilities. The modification is purely related to code documentation rather than security fixes. There are no functional code changes that would indicate a security fix.
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/vendor/psr/container/src/NotFoundExceptionInterface.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/vendor/psr/container/src/NotFoundExceptionInterface.php@@ -1,7 +1,4 @@ <?php-/**- * @license http://www.opensource.org/licenses/mit-license.php MIT (see the LICENSE file)- */ namespace Psr\Container;
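Review bot: The removed `@license` line (@@ -1,7 +1,4) was this file's only reference to the MIT LICENSE file; check that the LICENSE file is still present under include/laminas-mail/vendor/psr/container in 1.18.2, since the vendored copy is redistributed with osTicket. Nothing executable changes in this hunk.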
Based on the provided diff, I'll analyze it for potential security vulnerabilities:

1. Vulnerability Existed: no
   License Comment Removal [include/laminas-mail/vendor/psr/container/src/NotFoundExceptionInterface.php] [Lines 1-4]
   Old Code:
   ```
   <?php
   /**
    * @license http://www.opensource.org/licenses/mit-license.php MIT (see the LICENSE file)
    */
   ```
   Fixed Code:
   ```
   <?php
   ```

Additional Details:
- The change only removes a license comment block, which doesn't affect security
- No actual code changes were made to the interface
- The MIT license reference was removed, but this doesn't constitute a security vulnerability
- The interface itself remains unchanged in functionality

No security vulnerabilities were introduced or fixed in this diff. The change appears to be purely cosmetic/documentation related.
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/vendor/laminas/laminas-validator/composer.json+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/vendor/laminas/laminas-validator/composer.json@@ -16,47 +16,44 @@ "forum": "https://discourse.laminas.dev" }, "config": {- "sort-packages": true+ "sort-packages": true,+ "platform": {+ "php": "8.1.99"+ },+ "allow-plugins": {+ "dealerdirect/phpcodesniffer-composer-installer": true+ } }, "extra": {- "branch-alias": {- "dev-master": "2.13.x-dev",- "dev-develop": "2.14.x-dev"- }, "laminas": { "component": "Laminas\\Validator", "config-provider": "Laminas\\Validator\\ConfigProvider" } }, "require": {- "php": "^7.1",- "container-interop/container-interop": "^1.1",- "laminas/laminas-stdlib": "^3.2.1",- "laminas/laminas-zendframework-bridge": "^1.0"+ "php": "~8.1.0 || ~8.2.0 || ~8.3.0",+ "laminas/laminas-servicemanager": "^3.21.0",+ "laminas/laminas-stdlib": "^3.13",+ "psr/http-message": "^1.0.1 || ^2.0.0" }, "require-dev": {- "laminas/laminas-cache": "^2.6.1",- "laminas/laminas-coding-standard": "~1.0.0",- "laminas/laminas-config": "^2.6",- "laminas/laminas-db": "^2.7",- "laminas/laminas-filter": "^2.6",- "laminas/laminas-http": "^2.5.4",- "laminas/laminas-i18n": "^2.6",- "laminas/laminas-math": "^2.6",- "laminas/laminas-servicemanager": "^2.7.5 || ^3.0.3",- "laminas/laminas-session": "^2.8",- "laminas/laminas-uri": "^2.5",- "phpunit/phpunit": "^7.5.20 || ^8.5.2",- "psr/http-client": "^1.0",- "psr/http-factory": "^1.0",- "psr/http-message": "^1.0"+ "laminas/laminas-coding-standard": "^2.5",+ "laminas/laminas-db": "^2.20",+ "laminas/laminas-filter": "^2.35.2",+ "laminas/laminas-i18n": "^2.26.0",+ "laminas/laminas-session": "^2.20",+ "laminas/laminas-uri": "^2.11.0",+ "phpunit/phpunit": "^10.5.20",+ "psalm/plugin-phpunit": "^0.19.0",+ "psr/http-client": "^1.0.3",+ "psr/http-factory": "^1.1.0",+ "vimeo/psalm": "^5.24.0" }, "suggest": { 
"laminas/laminas-db": "Laminas\\Db component, required by the (No)RecordExists validator", "laminas/laminas-filter": "Laminas\\Filter component, required by the Digits validator", "laminas/laminas-i18n": "Laminas\\I18n component to allow translation of validation error messages", "laminas/laminas-i18n-resources": "Translations of validator messages",- "laminas/laminas-math": "Laminas\\Math component, required by the Csrf validator", "laminas/laminas-servicemanager": "Laminas\\ServiceManager component to allow using the ValidatorPluginManager and validator chains", "laminas/laminas-session": "Laminas\\Session component, ^2.8; required by the Csrf validator", "laminas/laminas-uri": "Laminas\\Uri component, required by the Uri and Sitemap\\Loc validators",@@ -80,9 +77,10 @@ "cs-check": "phpcs", "cs-fix": "phpcbf", "test": "phpunit --colors=always",- "test-coverage": "phpunit --colors=always --coverage-clover clover.xml"+ "test-coverage": "phpunit --colors=always --coverage-clover clover.xml",+ "static-analysis": "psalm --shepherd --stats" },- "replace": {- "zendframework/zend-validator": "^2.13.0"+ "conflict": {+ "zendframework/zend-validator": "*" } }
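Review bot: In the `require` block of hunk @@ -16,47 +16,44, `laminas/laminas-servicemanager` moves from `require-dev` (`^2.7.5 || ^3.0.3`) to a runtime requirement at `^3.21.0`, and `psr/http-message` also becomes a runtime requirement, so both must be present at matching versions in the vendored tree or the validator will fail to load. The `php` constraint `~8.1.0 || ~8.2.0 || ~8.3.0` excludes every 7.x release and anything from 8.4 up; check it against the PHP versions osTicket 1.18.2 claims to support. `laminas/laminas-math` is dropped from `require-dev` and `suggest` although the remaining `laminas/laminas-session` suggestion still mentions the Csrf validator, so confirm that validator no longer needs it.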
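Review bot: The new `static-analysis` script in hunk @@ -80,9 +77,10 runs `psalm --shepherd --stats`, and `--shepherd` submits analysis statistics to Psalm's external Shepherd service; drop that flag before running the script from a private build. In the same hunk `replace` becomes `conflict` on `zendframework/zend-validator` with `*`, so a project that still requires the zendframework package now fails dependency resolution instead of being satisfied by this package; check that no osTicket plugin still depends on it.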
Here's the analysis of the provided code diff for security fixes:

1. Vulnerability Existed: not sure
   PHP Version Requirement Update [include/laminas-mail/vendor/laminas/laminas-validator/composer.json] [Lines 16, 31]
   Old Code: `"php": "^7.1"`
   Fixed Code: `"php": "~8.1.0 || ~8.2.0 || ~8.3.0"`
   Additional Details: The PHP version requirement was updated from PHP 7.1 to PHP 8.1+. While this isn't a direct security fix, it ensures the package is used with more secure PHP versions that receive security updates.

2. Vulnerability Existed: not sure
   Dependency Updates [include/laminas-mail/vendor/laminas/laminas-validator/composer.json] [Multiple Lines]
   Old Code: Various older versions of dependencies
   Fixed Code: Updated versions of dependencies (e.g., laminas/laminas-servicemanager from ^2.7.5 || ^3.0.3 to ^3.21.0)
   Additional Details: Many dependencies were updated to newer versions, which likely include security fixes and improvements, though specific vulnerabilities aren't mentioned.

3. Vulnerability Existed: not sure
   Container-interop Removal [include/laminas-mail/vendor/laminas/laminas-validator/composer.json] [Lines 31]
   Old Code: `"container-interop/container-interop": "^1.1"`
   Fixed Code: (removed)
   Additional Details: The container-interop package was removed, which might indicate it was deprecated or had known issues, though no specific vulnerability is mentioned.

4. Vulnerability Existed: not sure
   Conflict Declaration Added [include/laminas-mail/vendor/laminas/laminas-validator/composer.json] [Lines 80]
   Old Code: `"replace": { "zendframework/zend-validator": "^2.13.0" }`
   Fixed Code: `"conflict": { "zendframework/zend-validator": "*" }`
   Additional Details: The change from "replace" to "conflict" might indicate potential version conflicts or security issues with the old zendframework package.

Note: While there are significant changes in the composer.json file, most appear to be dependency updates and PHP version requirement changes rather than direct security fixes. The updates likely include security improvements, but without specific vulnerability references in the diff, we can't be certain about particular vulnerabilities being fixed.
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/vendor/laminas/laminas-stdlib/composer.json+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/vendor/laminas/laminas-stdlib/composer.json@@ -16,22 +16,25 @@ "forum": "https://discourse.laminas.dev" }, "config": {- "sort-packages": true+ "sort-packages": true,+ "platform": {+ "php": "8.1.99"+ },+ "allow-plugins": {+ "dealerdirect/phpcodesniffer-composer-installer": true+ } }, "extra": {- "branch-alias": {- "dev-master": "3.2.x-dev",- "dev-develop": "3.3.x-dev"- } }, "require": {- "php": "^5.6 || ^7.0",- "laminas/laminas-zendframework-bridge": "^1.0"+ "php": "~8.1.0 || ~8.2.0 || ~8.3.0" }, "require-dev": {- "laminas/laminas-coding-standard": "~1.0.0",- "phpbench/phpbench": "^0.13",- "phpunit/phpunit": "^5.7.27 || ^6.5.8 || ^7.1.2"+ "laminas/laminas-coding-standard": "^2.5",+ "phpbench/phpbench": "^1.2.15",+ "phpunit/phpunit": "^10.5.8",+ "psalm/plugin-phpunit": "^0.18.4",+ "vimeo/psalm": "^5.20.0" }, "autoload": { "psr-4": {@@ -51,10 +54,11 @@ ], "cs-check": "phpcs", "cs-fix": "phpcbf",+ "static-analysis": "psalm --shepherd --stats", "test": "phpunit --colors=always", "test-coverage": "phpunit --colors=always --coverage-clover clover.xml" },- "replace": {- "zendframework/zend-stdlib": "self.version"+ "conflict": {+ "zendframework/zend-stdlib": "*" } }
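Review bot: Dropping `laminas/laminas-zendframework-bridge` from `require` in hunk @@ -16,22 +16,25 removes the package that aliases legacy `Zend\` class names to their `Laminas\` equivalents, so any code that still refers to `Zend\Stdlib` classes stops resolving unless the bridge is required elsewhere; search the osTicket tree and its plugins for such references before relying on this version. The `"extra"` object is left empty once `branch-alias` is removed and can be deleted.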
Here's the analysis of the provided code diff following the specified format:

1. Vulnerability Existed: not sure
   [PHP Version Requirement Update] [include/laminas-mail/vendor/laminas/laminas-stdlib/composer.json] [Lines: require section]
   [Old Code] "php": "^5.6 || ^7.0"
   [Fixed Code] "php": "~8.1.0 || ~8.2.0 || ~8.3.0"
   Additional Details: While not a direct vulnerability fix, this update removes support for outdated PHP versions (5.6 and 7.x) which may have known security issues.

2. Vulnerability Existed: not sure
   [Dependency Version Updates] [include/laminas-mail/vendor/laminas/laminas-stdlib/composer.json] [Lines: require-dev section]
   [Old Code] Various outdated dependencies
   [Fixed Code] Updated dependency versions
   Additional Details: The update includes newer versions of testing/analysis tools (phpunit, phpbench, psalm), which may include security fixes from their respective projects.

3. Vulnerability Existed: not sure
   [Package Conflict Specification] [include/laminas-mail/vendor/laminas/laminas-stdlib/composer.json] [Lines: conflict section]
   [Old Code] "replace": { "zendframework/zend-stdlib": "self.version" }
   [Fixed Code] "conflict": { "zendframework/zend-stdlib": "*" }
   Additional Details: This change better specifies package conflicts, which could prevent potential dependency confusion issues.

4. Vulnerability Existed: not sure
   [Composer Config Security Settings] [include/laminas-mail/vendor/laminas/laminas-stdlib/composer.json] [Lines: config section]
   [Old Code] Basic config
   [Fixed Code] Added platform requirements and allow-plugins
   Additional Details: The added "allow-plugins" configuration helps prevent arbitrary code execution via composer plugins.

Note: While none of these changes directly address specific named vulnerabilities, they collectively improve the security posture by:
1. Removing support for outdated PHP versions
2. Updating dependencies to newer versions that likely contain security fixes
3. Adding explicit plugin permission controls
4. Better specifying package conflicts