Open ISES Tickets SQL Injection Vulnerability in ajax/sit_incidents.php

A SQL injection vulnerability has been identified in Open ISES Tickets versions prior to 3.44.2. The issue resides in the ajax/sit_incidents.php file, where the offset GET parameter is improperly concatenated into the LIMIT clause of a SQL SELECT statement without adequate sanitization. This vulnerability allows authenticated attackers to manipulate the query execution to read, modify, or delete database contents.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, an authenticated user can send a request to the ajax/sit_incidents.php endpoint with a crafted offset GET parameter. The lack of proper input sanitization will allow the injected SQL to be executed, manipulating the database query as intended by the attacker.

Remediation

Users are advised to upgrade to Open ISES Tickets version 3.44.2 or later, where this vulnerability has been patched.