Open ISES Tickets SQL Injection Vulnerability in message.php

A SQL injection vulnerability has been identified in Open ISES Tickets versions prior to 3.44.2. The issue resides in message.php, where the frm_ticket_id and frm_resp_id POST parameters are improperly sanitized before being concatenated into the WHERE clauses of SELECT and UPDATE statements. This vulnerability allows authenticated attackers to manipulate the SQL queries, potentially leading to unauthorized access, modification, or deletion of database contents.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a POST request to message.php with the frm_ticket_id and frm_resp_id parameters. Since these parameters are not properly sanitized, the application will execute the manipulated SQL query, allowing for SQL injection.

Remediation

Users are advised to upgrade to Open ISES Tickets version 3.44.2 or later, where this vulnerability has been patched.