A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
https://horizon3.ai/attack-research/attack-blogs/ticket-to-shell-exploiting-php-filters-and-cnext-in-osticket-cve-2026-22200/
https://members.backbox.org/osticket-sql-injection-bypass/
Source: Mitre, NVD
Published: 2025-05-05
Updated: 2025-06-13
Base Score: 6.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N
Severity: Medium
Base Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS: 0.00031