Description

A SQL injection vulnerability in the "Search" functionality of the "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via a combination of the "keywords" and "topic_id" URL parameters.

PUBLISHED Reserved 2025-02-07 | Published 2025-05-05 | Updated 2025-05-05 | Assigner mitre

References

members.backbox.org/osticket-sql-injection-bypass/

cve.org (CVE-2025-26241)

nvd.nist.gov (CVE-2025-26241)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.