Open ISES Tickets SQL Injection Vulnerability in Database Loader

A SQL injection vulnerability has been identified in Open ISES Tickets versions prior to 3.44.2. The issue resides in 'db_loader.php', where multiple POST parameters are improperly sanitized and concatenated into MySQLi connection arguments. This flaw allows authenticated attackers to manipulate SQL query semantics, potentially leading to unauthorized access, modification, or deletion of database contents.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, an authenticated user can send a POST request to the 'db_loader.php' file. The request must include the 'ticketsdb', 'ticketshost', 'ticketsuser', and 'ticketspassword' parameters. These parameters will be concatenated into the MySQLi connection arguments without proper sanitization, allowing the attacker to inject malicious SQL that could be executed against an attacker-controlled database.

Remediation

Users are advised to upgrade to Open ISES Tickets version 3.44.2 or later, where this vulnerability has been patched.