CVE-2025-26241 Information

Description

A SQL injection vulnerability in the \Search\ functionality of ickets.php\ page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the \keywords\ and opic_id\ URL parameters combination.

Reference

https://members.backbox.org/osticket-sql-injection-bypass/