CVE-2018-18923
Published 2018-12-13
Priority P2 60 · critical · 9.8 CVSS 3.0
AV:N AC:L PR:N UI:N S:U C:H I:H A:H
EXPLOIT
EPSS 3.21% (86.6th percentile)
AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters name, category_id and description in action/addproject.php; kind_id, priority_id, project_id, status_id and title in action/addticket.php; and kind_id and status_id in reports.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| abisoftgt | ticketly | — | — |
Detection & IOCs (extracted from sources)
command: `name=Test" RLIKE (SELECT (CASE WHEN (4632=4632) THEN 0x54657374 ELSE 0x28 END)) AND "lrmZ"="lrmZ&description=Test`
- Monitor POST requests to /ticketly/action/addproject.php for SQL injection patterns in the 'name', 'category_id', and 'description' parameters, particularly unbalanced or doubled quote characters (e.g., %22, %22%22).
- Detect boolean-based blind SQLi attempts via RLIKE with CASE/WHEN constructs in POST body parameters targeting Ticketly endpoints.
- Alert on HTTP 500 responses from /ticketly/action/addproject.php when the POST body contains a single URL-encoded double-quote (%22) in the 'name' parameter, as this is the error-triggering probe used by the exploit.
- Vulnerable parameters span three endpoints: addproject.php (name, category_id, description), addticket.php (kind_id, priority_id, project_id, status_id, title), and reports.php (kind_id, status_id) — monitor all for SQLi payloads.
- The exploit uses the X-Requested-With: XMLHttpRequest header, indicating the vulnerable endpoints are AJAX-facing; WAF or logging rules must inspect XHR POST bodies, not just standard form submissions.
- The vulnerability is unpatched as of the disclosure date; no vendor fix is available, so detection/blocking controls are the only mitigation.
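The monitoring guidance above, combined into one log check as an added example (not code from this page, the exploit author, or the vendor). The function name `inspect_request`, the `(path, body, status)` record shape and the benign sample values are assumptions, as is treating the reports.php parameters as POST body fields.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Endpoint path suffix -> parameters the advisory lists as injectable.
WATCHED = {
    "/action/addproject.php": {"name", "category_id", "description"},
    "/action/addticket.php": {"kind_id", "priority_id", "project_id",
                              "status_id", "title"},
    "/reports.php": {"kind_id", "status_id"},
}
# Boolean-based blind shape from the guidance: RLIKE with a CASE WHEN subquery.
RLIKE_CASE = re.compile(r"\bRLIKE\b.*\bCASE\s+WHEN\b", re.I | re.S)


def inspect_request(path, body, status=200):
    """Return sorted findings for one logged POST (path, raw body, status)."""
    clean = urlsplit(path).path
    params = next((p for s, p in WATCHED.items() if clean.endswith(s)), None)
    if params is None:
        return []
    findings = set()
    # parse_qsl URL-decodes values, so %22 and a literal " are treated alike.
    for key, value in parse_qsl(body, keep_blank_values=True):
        if key not in params:
            continue
        if RLIKE_CASE.search(value):
            findings.add(f"{key}: RLIKE/CASE WHEN construct")
        if '"' in value:
            # Free-text fields can hold quotes legitimately: triage signal only.
            findings.add(f"{key}: double quote in value")
        if (status == 500 and key == "name" and value.count('"') == 1
                and clean.endswith("/action/addproject.php")):
            findings.add("name: lone double quote answered with HTTP 500")
    return sorted(findings)


# Constructed log records; the second body is the string quoted on this page.
SAMPLES = [
    ("/ticketly/action/addproject.php", "name=Intranet&description=Q3+rollout", 200),
    ("/ticketly/action/addproject.php",
     'name=Test" RLIKE (SELECT (CASE WHEN (4632=4632) THEN 0x54657374 '
     'ELSE 0x28 END)) AND "lrmZ"="lrmZ&description=Test', 200),
    ("/ticketly/action/addproject.php", "name=Test%22&description=Test", 500),
    ("/ticketly/index.php", "name=Test%22", 200),
]

if __name__ == "__main__":
    for path, body, status in SAMPLES:
        print(status, path, inspect_request(path, body, status))
```

The double-quote finding is deliberately broad and will fire on legitimate quoted text in `description` or `title`; the RLIKE and HTTP 500 findings are the higher-confidence signals.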
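CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |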
No detection rules found.
Exploit-DB
Ticketly 1.0 - 'kind_id' SQL Injection
exploitdb·2018-11-26
---
# Exploit Title: Ticketly 1.0 – Multiple SQL Injection
# Exploit Author: Javier Olmedo
# Website: https://hackpuntes.com
# Date: 2018-11-19
# Google Dork: N/A
# Vendor: Abisoft (https://abisoftgt.net)
# Software Link: https://abisoftgt.net/software/6/sistema-de-tickets-y-soporte-con-php-y-mysql
# Affected Version: 1.0
# Patched Version: unpatched
# Category: Web Application
# Platform: Windows & Ubuntu
# Tested on: Win10x64 & Kali Linux
# CVE: 2018-18923
# 1. Technical Description:
# Ticketly 1.0 is affected by SQL Injection in multiple parameters and
# resources through POST. This allows an attacker to read and modify
# sensitive information from the database used by the application.
# 2. Proof Of Concept (PoC):
# 2.1 The following POST reque
Exploit-DB
Ticketly 1.0 - 'name' SQL Injection
exploitdb·2018-11-21
---
# Exploit Title: Ticketly 1.0 – 'name' SQL Injection
# Exploit Author: Javier Olmedo
# Website: https://hackpuntes.com
# Date: 2018-11-19
# Google Dork: N/A
# Vendor: Abisoft (https://abisoftgt.net)
# Software Link: https://abisoftgt.net/software/6/sistema-de-tickets-y-soporte-con-php-y-mysql
# Affected Version: 1.0
# Patched Version: unpatched
# Category: Web Application
# Platform: Windows & Ubuntu
# Tested on: Win10x64 & Kali Linux
# 6. References:
# https://hackpuntes.com/cve-2018-18923-ticketly-1-0-multiples-sql-injections/
# CVE: N/A
# 1. Technical Description:
# Ticketly 1.0 is affected by SQL Injection in multiple parameters and
# resources through POST. This allows an attacker to read and modify
# sensitive information from the database u
No writeups or analysis indexed.
2018-12-13
Published