Open ISES Tickets SQL Injection Vulnerability in ajax/mobile_main.php

A SQL injection vulnerability has been identified in Open ISES Tickets versions prior to 3.44.2. The issue resides in the file ajax/mobile_main.php, where the id GET parameter is improperly concatenated into the WHERE clause of a SELECT statement used to check ticket existence. This lack of sanitization allows authenticated attackers to manipulate the query, potentially leading to unauthorized access, modification, or deletion of database content.

Impact

Exploitation of this vulnerability allows for SQL injection, enabling attackers to read, modify, or delete database information.

Reproduction

To reproduce this vulnerability, send a crafted request to ajax/mobile_main.php with an unsanitized id GET parameter. The SQL injection can be exploited by manipulating the query to alter its intended logic, potentially accessing or modifying database records.

Remediation

Users are advised to upgrade to Open ISES Tickets version 3.44.2 or later, where this vulnerability has been patched.