CVE-2022-31890

CRITICAL

osTicket-plugins audit_log < 2022-04-21 - SQL Injection via order Parameter in getOrder Function

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-31890. PoCs published by reewardius.

AI-analyzed exploit summary This repository contains a working proof-of-concept exploit for CVE-2022-31890, targeting osTicket's SQL injection vulnerability in the 'order' parameter of the audits.php page. The exploit uses time-based blind SQL injection to dump usernames and passwords from the os_staff table.

Description

SQL Injection vulnerability in audit/class.audit.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae via the order parameter to the getOrder function.

Exploits (1)

nomisec WORKING POC
by reewardius · poc
https://github.com/reewardius/CVE-2022-31890

This repository contains a working proof-of-concept exploit for CVE-2022-31890, targeting osTicket's SQL injection vulnerability in the 'order' parameter of the audits.php page. The exploit uses time-based blind SQL injection to dump usernames and passwords from the os_staff table.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: osTicket (version not specified, but likely <= 1.17.1)
Auth required
Prerequisites: Valid session cookie (OSTSESSID) · Access to the /scp/audits.php endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0150
EPSS Percentile 71.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
enhancesoft/audit_log < 2022-04-21
Published Apr 05, 2023
Tracked Since Feb 18, 2026