Open ISES Tickets SQL Injection Vulnerability in Statistics Rollup Queries

A SQL injection vulnerability has been identified in Open ISES Tickets versions prior to 3.44.2. The issue resides in the ajax/statistics.php file, where the tick_id and f_tick_id POST parameters are improperly sanitized before being concatenated into the WHERE clauses of SELECT statements. This flaw allows authenticated attackers to manipulate the query logic, potentially leading to unauthorized access, modification, or deletion of database contents.

Impact

Exploitation of this vulnerability allows for SQL injection, enabling attackers to interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a POST request to the ajax/statistics.php endpoint with crafted tick_id and f_tick_id parameters. The lack of proper sanitization will allow the injected SQL to be executed, manipulating the database query as intended.

Remediation

Users are advised to upgrade to Open ISES Tickets version 3.44.2 or later, where this vulnerability has been patched.