JoomSky JS Help Desk CVE-2026-24959
HIGHSeverity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Lifecycle Timeline
2DescriptionCVE.org
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through <= 3.0.1.
AnalysisAI
Blind SQL injection in JoomSky JS Help Desk through version 3.0.1 enables authenticated attackers to execute arbitrary SQL queries with network access and no user interaction required. The vulnerability affects database confidentiality and system availability, though integrity is not compromised. No patch is currently available for this high-severity flaw.
Technical ContextAI
Classified as CWE-89 (SQL Injection). Affects JoomSky JS Help Desk js-support-ticket. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through <= 3.0.1.
Affected ProductsAI
Product: JoomSky JS Help Desk js-support-ticket.
RemediationAI
Monitor vendor advisories for a patch. Use parameterized queries. Implement input validation. Restrict network access to the affected service where possible.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today