cbcvebase.
CVE-2018-18923
published 2018-12-13

Priority: P260 · critical · 9.8 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 3.21% (86.6th percentile)
AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters name, category_id and description in action/addproject.php; kind_id, priority_id, project_id, status_id and title in action/addticket.php; and kind_id and status_id in reports.php.

Affected

1 range
Vendor | Product | Version range | Fixed in
abisoftgt | ticketly | |

Detection & IOCs (extracted from sources)

path: /ticketly/action/addproject.php
path: /ticketly/action/addticket.php
path: /ticketly/reports.php
command: name=Test" RLIKE (SELECT (CASE WHEN (4632=4632) THEN 0x54657374 ELSE 0x28 END)) AND "lrmZ"="lrmZ&description=Test
  • Monitor POST requests to /ticketly/action/addproject.php for SQL injection patterns in the 'name', 'category_id', and 'description' parameters, particularly unbalanced or doubled quote characters (e.g., %22, %22%22).
  • Detect boolean-based blind SQLi attempts via RLIKE with CASE/WHEN constructs in POST body parameters targeting Ticketly endpoints.
  • Alert on HTTP 500 responses from /ticketly/action/addproject.php when the POST body contains a single URL-encoded double-quote (%22) in the 'name' parameter, as this is the error-triggering probe used by the exploit.
  • Vulnerable parameters span three endpoints: addproject.php (name, category_id, description), addticket.php (kind_id, priority_id, project_id, status_id, title), and reports.php (kind_id, status_id) — monitor all for SQLi payloads.
  • The exploit uses the X-Requested-With: XMLHttpRequest header, indicating the vulnerable endpoints are AJAX-facing; WAF or logging rules must inspect XHR POST bodies, not just standard form submissions.
  • The vulnerability is unpatched as of the disclosure date; no vendor fix is available, so detection/blocking controls are the only mitigation.
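
The monitoring bullets above, written as a small request-log checker. This is an added example, not code from the vendor or from this database. The function name, finding labels and sample records are constructed here, and the numeric check on `*_id` parameters is an assumption.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Endpoint -> injectable parameters, exactly as listed in the entry above.
VULN_PARAMS = {
    "/ticketly/action/addproject.php": {"name", "category_id", "description"},
    "/ticketly/action/addticket.php": {"kind_id", "priority_id", "project_id",
                                       "status_id", "title"},
    "/ticketly/reports.php": {"kind_id", "status_id"},
}
# Boolean-based blind pattern from the guidance: RLIKE followed by CASE WHEN.
BLIND_RE = re.compile(r"\bRLIKE\b.*\bCASE\s+WHEN\b", re.IGNORECASE | re.DOTALL)

def inspect_request(url, body="", status=200):
    """Return sorted (parameter, reason) findings for one logged request."""
    parts = urlsplit(url)
    watched = VULN_PARAMS.get(parts.path)
    if watched is None:
        return []
    findings = set()
    # Query and body are parsed whatever the headers say, so XHR posts are
    # covered; parse_qsl percent-decodes, so %22 arrives as a literal quote.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    for key, value in pairs:
        if key not in watched:
            continue
        if BLIND_RE.search(value):
            findings.add((key, "rlike-case-when"))
        odd_quotes = value.count('"') % 2 == 1
        if odd_quotes or '""' in value:
            findings.add((key, "quote-anomaly"))
        if odd_quotes and status == 500:
            findings.add((key, "quote-probe-500"))
        # Assumption (not stated on the page): *_id values are plain integers.
        if key.endswith("_id") and value and not value.isdigit():
            findings.add((key, "non-numeric-id"))
    return sorted(findings)

# Constructed log records (url, body, status); the first body is the IOC string above.
SAMPLES = [
    ("/ticketly/action/addproject.php", 'name=Test" RLIKE (SELECT (CASE WHEN (4632=4632) THEN 0x54657374 ELSE 0x28 END)) AND "lrmZ"="lrmZ&description=Test', 200),
    ("/ticketly/action/addproject.php", "name=%22&category_id=1&description=x", 500),
    ("/ticketly/reports.php?kind_id=1%22%22&status_id=2", "", 200),
    ("/ticketly/action/addticket.php", "title=Printer+offline&kind_id=1&status_id=1", 200),
]
if __name__ == "__main__":
    for url, body, status in SAMPLES:
        print(url, status, inspect_request(url, body, status))
```

The IOC string carries an even number of quotes, so only the RLIKE/CASE rule catches it; the quote-parity rule is what catches the error-triggering probe.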

CVSS provenance

nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P