CVE-2026-4815

HIGH

SQL Injection vulnerability in Support Board

Title source: cna

Description

A SQL Injection vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to retrieve, create, update and delete database via 'calls[0][message_ids][]' parameter in '/supportboard/include/ajax.php' endpoint.

References (1)

Core 1

Core References

Patch patch

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-support-board-schiocco

Scores

CVSS v3 8.8

EPSS 0.0024

EPSS Percentile 15.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-89

Status published

Products (3)

Schiocco/Support Board < 3.7.7

Schiocco/Support Board 3.7.8

schiocco/support_board < 3.7.8

Published Mar 25, 2026

Tracked Since Mar 25, 2026