CVE-2010-0605 in osTicket
Summary
by MITRE
SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter.
Analysis
by VulDB Data Team • 04/30/2026
The vulnerability identified as CVE-2010-0605 represents a critical SQL injection flaw within the osTicket help desk system version 1.6.0 Stable and earlier. This vulnerability specifically affects the scp/ajax.php component of the application, which serves as a critical interface for staff operations within the ticketing system. The flaw enables authenticated users with staff permissions to manipulate database queries through malicious input parameters, creating a significant security risk that could compromise the entire underlying database infrastructure.
The technical nature of this vulnerability stems from improper input validation and sanitization within the ajax.php script. When staff members interact with the system through the staff control panel, the application fails to properly escape or validate user-supplied input before incorporating it into SQL query constructs. This allows an attacker with staff credentials to craft malicious input that gets directly executed as part of the database query, bypassing normal security controls and authentication mechanisms. The vulnerability operates at the application layer and specifically targets the database interaction component that handles AJAX requests for staff functionality.
From an operational perspective, this vulnerability poses severe risks to organizations relying on osTicket for customer support management. An attacker with staff-level access can execute arbitrary SQL commands, potentially leading to data exfiltration, data modification, or complete database compromise. The impact extends beyond simple information disclosure as the attacker could manipulate ticket records, access sensitive customer information, modify staff permissions, or even escalate privileges within the database. This vulnerability essentially provides a backdoor into the database layer, making it particularly dangerous for organizations handling sensitive customer data or proprietary business information.
The vulnerability aligns with CWE-89, which specifically addresses SQL injection flaws in software applications. It also maps to several ATT&CK techniques, including T1071.004 for application layer protocol tunneling and T1566.001 for spearphishing through social engineering. Organizations should immediately implement the recommended mitigations, including applying the official patch released by osTicket for version 1.6.0 Stable, implementing proper input validation and parameterized queries, and establishing network segmentation to limit access to database resources. Additionally, organizations should conduct thorough access control reviews to ensure staff permissions are properly managed, and consider implementing database activity monitoring to detect anomalous query patterns that might indicate exploitation attempts.
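The pattern the analysis describes, as an added example that is not osTicket's own code: a hypothetical staff-side AJAX lookup that splices the request's `input` value straight into SQL, beside a hardened version that validates the value and binds it with a PDO prepared statement. It assumes an in-memory SQLite database via PDO (osTicket itself runs on MySQL) and constructed ticket rows so it runs stand-alone.

```php
<?php
// Added example, not osTicket code. Hypothetical lookup handler showing the
// CWE-89 pattern behind CVE-2010-0605 (untrusted "input" parameter
// concatenated into a query) next to a hardened form.
// Assumption: in-memory SQLite via PDO and constructed rows, so it runs offline.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ticket (ticket_id INTEGER PRIMARY KEY, email TEXT, subject TEXT)');
$db->exec("INSERT INTO ticket VALUES (1, 'alice@example.com', 'Printer jam'),
                                    (2, 'bob@example.com', 'VPN down')");

// VULNERABLE: the request value becomes part of the SQL text, so a value
// containing a quote changes the query's structure instead of being data.
function lookupVulnerable(PDO $db, string $input): array {
    $sql = "SELECT ticket_id, subject FROM ticket WHERE email = '$input'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED: validate the parameter against what this endpoint expects, then
// bind it with a prepared statement so it can only ever be treated as data.
function lookupHardened(PDO $db, string $input): array {
    if (filter_var($input, FILTER_VALIDATE_EMAIL) === false) {
        return [];   // reject anything that is not a plausible e-mail address
    }
    $stmt = $db->prepare('SELECT ticket_id, subject FROM ticket WHERE email = :email');
    $stmt->execute([':email' => $input]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed request values standing in for $_REQUEST['input']:
// one legitimate, one shaped like the textbook tautology injection.
$legit   = 'alice@example.com';
$tainted = "' OR 1=1 --";

// The vulnerable path returns every ticket for the tainted value; the hardened
// path rejects it outright and still answers the legitimate lookup correctly.
printf("vulnerable, tainted : %d rows\n", count(lookupVulnerable($db, $tainted)));
printf("hardened,   tainted : %d rows\n", count(lookupHardened($db, $tainted)));
printf("hardened,   legit   : %d rows\n", count(lookupHardened($db, $legit)));
```

The same two-step defence (allowlist or type-validate the parameter, then bind it) is what the "proper input validation and parameterized queries" mitigation above amounts to in practice.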