<excerpt>osTicket fails to validate / escape staff usernames which can be abused to execute a blind sql injection attack by an unauthenticated attacker</excerpt>.

-</p>

Make your website safer. Use external penetration testing service. First report ready in one hour!</p>

**Hidden Content: To see this hidden content your post count must be 1 or greater.**