osTicket, SQL Injection, CVE-2025-26241 (Critical)


How the CVE Works

CVE-2025-26241 is a SQL injection vulnerability in osTicket versions up to and including 1.17.5, located in the ticket "Search" function of tickets.php. The `keywords` and `topic_id` parameters of the search request are not sufficiently sanitized, so crafted values in those parameters reach the database query and can execute arbitrary SQL. Exploitation requires authentication, so an attacker first needs valid credentials. Successful exploitation can lead to database manipulation, data theft, or server compromise.

DailyCVE Form

Platform: osTicket
Version: <=1.17.5
Vulnerability: SQL Injection
Severity: Critical
Date: 06/13/2025

Prediction: Patch by 07/20/2025

What Undercode Says

# Example malicious payload (query-string parameters of the search request)
keywords=test' UNION SELECT username,password FROM staff LIMIT 1--&topic_id=1

# Check vulnerable version
curl -I "http://target/osticket/tickets.php" | grep "X-Powered-By: osTicket"

How to Exploit

1. Authenticate as low-privilege user.

2. Craft malicious search query with SQL payload.

3. Extract admin credentials via UNION-based injection.

Protection from this CVE

  • Update to osTicket >1.17.5
  • Input sanitization
  • WAF rules
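The following is an added example, not osTicket's code and not taken from the advisory. It models the defect class described above (search parameters concatenated into SQL) beside the hardened form the "Protection" list calls for: a parameterized query with `topic_id` validated as an integer. It also includes a small log check for the `' UNION SELECT` pattern in the `keywords` parameter and for non-numeric `topic_id` values, the kind of condition a WAF rule or SIEM search would flag. The schema, table names, function names and access-log lines are constructed for the demonstration and use SQLite in memory.

```python
"""Vulnerable vs. hardened ticket search, plus a request-log check.

Added example (not osTicket's own code). The `ticket` and `staff` tables,
the search functions and the log lines are constructed for this demo.
"""
import re
import sqlite3
from typing import List, Tuple
from urllib.parse import parse_qsl

# The payload quoted on this page, used here only as test input.
PAYLOAD = "test' UNION SELECT username,password FROM staff LIMIT 1--"


def build_db() -> sqlite3.Connection:
    # Constructed schema: tickets to search, and a staff table holding secrets.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE ticket(id INTEGER, topic_id INTEGER, subject TEXT);
        CREATE TABLE staff(username TEXT, password TEXT);
        INSERT INTO ticket VALUES (1, 1, 'test printer'), (2, 2, 'vpn down');
        INSERT INTO staff VALUES ('admin', 'hash-of-admin-pw');
    """)
    return conn


def search_vulnerable(conn: sqlite3.Connection, keywords: str, topic_id: str) -> List[Tuple]:
    # Defect class: user input is concatenated into the SQL text, so a quote
    # in `keywords` ends the LIKE pattern and the rest becomes SQL syntax.
    sql = ("SELECT subject, '' FROM ticket WHERE subject LIKE '%" + keywords
           + "%' AND topic_id = " + topic_id)
    return conn.execute(sql).fetchall()


def search_hardened(conn: sqlite3.Connection, keywords: str, topic_id: str) -> List[Tuple]:
    # Validate the numeric parameter before any SQL runs, and bind both values
    # as parameters so their content can never change the query structure.
    if not re.fullmatch(r"\d+", topic_id):
        raise ValueError("topic_id must be a positive integer")
    sql = "SELECT subject FROM ticket WHERE subject LIKE ? AND topic_id = ?"
    return conn.execute(sql, (f"%{keywords}%", int(topic_id))).fetchall()


# Detection: a quote followed by UNION [ALL] SELECT inside the decoded parameter.
UNION_RE = re.compile(r"'\s*union\s+(?:all\s+)?select", re.IGNORECASE)
# Minimal combined-log request matcher for GET requests to tickets.php.
REQ_RE = re.compile(r'^(\S+) .*"GET /\S*tickets\.php\?([^" ]*) HTTP')


def flag_requests(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client_ip, reason) for requests whose search params look injected."""
    hits = []
    for line in lines:
        m = REQ_RE.match(line)
        if not m:
            continue
        ip, qs = m.groups()
        params = dict(parse_qsl(qs, keep_blank_values=True))  # URL-decodes values
        if UNION_RE.search(params.get("keywords", "")):
            hits.append((ip, "union-select in keywords"))
        topic = params.get("topic_id")
        if topic is not None and not re.fullmatch(r"\d+", topic):
            hits.append((ip, "non-numeric topic_id"))
    return hits


# Constructed access-log lines: one benign search and two suspicious ones.
LOGS = [
    '10.0.0.5 - agent [13/Jun/2025:10:00:01 +0000] "GET /osticket/tickets.php?keywords=printer&topic_id=1 HTTP/1.1" 200 512',
    '10.0.0.9 - agent [13/Jun/2025:10:00:07 +0000] "GET /osticket/tickets.php?keywords=test%27+UNION+SELECT+username%2Cpassword+FROM+staff+LIMIT+1--&topic_id=1 HTTP/1.1" 200 812',
    '10.0.0.9 - agent [13/Jun/2025:10:00:09 +0000] "GET /osticket/tickets.php?keywords=x&topic_id=1+OR+1%3D1 HTTP/1.1" 200 612',
]

if __name__ == "__main__":
    db = build_db()
    print("vulnerable:", search_vulnerable(db, PAYLOAD, "1"))   # leaks the staff row
    print("hardened:  ", search_hardened(db, PAYLOAD, "1"))     # no match, no leak
    print("flagged:   ", flag_requests(LOGS))
```

The vulnerable function returns the staff row because the injected UNION becomes part of the statement; the hardened function returns nothing because the whole payload is just a LIKE pattern that matches no subject, and a non-numeric `topic_id` is rejected before the query is built. The log check is deliberately narrow (it keys on the exact pattern quoted in this advisory) and is meant as a starting point for a WAF or detection rule, not a complete injection detector.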

Impact

  • Full database compromise
  • Privilege escalation
  • Remote code execution

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
