CVE-2021-45811
Published 2023-09-08
Priority P3 · 49 · medium · 6.5 CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 2.81% (84.7th percentile)
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
Affected: 1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| enhancesoft | osticket | 1.15 – 1.15.8 | — |
Detection & IOCs (extracted from sources)
- The SQLi payload is delivered via the 'keywords' and 'topic_id' URL parameters on tickets.php?a=search. Monitor GET requests to this endpoint with anomalous values such as single quotes or arithmetic expressions in these parameters.
- Extract the CSRF token from the login page body using the pattern '__CSRFToken__" value="(.*?)"' before the attack sequence. A two-step flow (login, then SQLi) is characteristic of this exploit chain.
- Shodan/FOFA fingerprint for exposed osTicket instances: search for title:"osTicket" (Shodan) or title="osticket" (FOFA) to identify attack surface.
- Exploitation requires prior authentication: the attacker must successfully log in via /scp/login.php before the SQLi request to /tickets.php is issued.
- The vulnerability is version-scoped to osTicket 1.15.x only; detections should be tuned to confirmed affected version ranges.
- The exploit is a two-step HTTP flow: step 1 fetches the CSRF token from the login page, step 2 authenticates and then fires the SQLi. Single-request detections will miss the full chain.
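The monitoring described in the bullets above can be sketched as a log check. This is an added example, not a rule from the indexed sources or from the osTicket project; it assumes combined-format access logs, uses the source IP as the client identity, and assumes legitimate topic_id values are plain integers. The function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [08/Sep/2023:10:00:01 +0000] "GET /scp/login.php HTTP/1.1" 200 4312
198.51.100.7 - - [08/Sep/2023:10:00:02 +0000] "POST /scp/login.php HTTP/1.1" 302 0
198.51.100.7 - - [08/Sep/2023:10:00:03 +0000] "GET /tickets.php?a=search&keywords=test%27&topic_id=2*3 HTTP/1.1" 200 9120
203.0.113.9 - - [08/Sep/2023:10:05:00 +0000] "GET /tickets.php?a=search&keywords=printer+jam&topic_id=12 HTTP/1.1" 200 8801
203.0.113.20 - - [08/Sep/2023:10:06:00 +0000] "GET /tickets.php?a=search&keywords=o%27brien&topic_id=4 HTTP/1.1" 200 8650
"""

LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" \d{3}')
ARITH = re.compile(r"\d\s*[-+*/]\s*\d")

def param_findings(url):
    """Return reasons why a tickets.php search request looks anomalous."""
    parts = urlsplit(url)
    qs = parse_qs(parts.query, keep_blank_values=True)  # also percent-decodes values
    if not parts.path.endswith("/tickets.php") or qs.get("a") != ["search"]:
        return []
    reasons = []
    for name in ("keywords", "topic_id"):
        for value in qs.get(name, []):
            if "'" in value:
                reasons.append(f"{name}: single quote")
            if ARITH.search(value):
                reasons.append(f"{name}: arithmetic expression")
    # Assumption: legitimate topic_id values are plain integers (or empty).
    if any(v and not v.isdigit() for v in qs.get("topic_id", [])):
        reasons.append("topic_id: not an integer")
    return reasons

def detect(log_text):
    """Flag anomalous searches and note whether the client logged in first."""
    logged_in, alerts = set(), []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        path = urlsplit(m["url"]).path
        if m["method"] == "POST" and path.endswith("/scp/login.php"):
            logged_in.add(m["ip"])
        reasons = param_findings(m["url"]) if m["method"] == "GET" else []
        if reasons:
            alerts.append({"ip": m["ip"], "reasons": reasons,
                           "login_seen": m["ip"] in logged_in})
    return alerts
```

A lone single quote in keywords (the constructed `o'brien` search) is expected noise; alerts with a topic_id finding and a preceding login POST from the same client deserve priority.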
No detection rules found.
Nuclei
osTicket 1.15.x - SQL Injection
nuclei·CVSS 6.5
CVE-2021-45811 [MEDIUM] osTicket 1.15.x - SQL Injection
Template:
```yaml
id: CVE-2021-45811
info:
  name: osTicket 1.15.x - SQL Injection
  author: ritikchaddha
  severity: medium
  description: |
    A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
  impact: |
    Authenticated attackers can exploit SQL injection in the Search functionality to extract sensitive database contents including user credentials and ticket information.
  reme
```
No writeups or analysis indexed.