SQL Injection vulnerability in Support Board

Description

A SQL Injection vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to retrieve, create, update and delete database via 'calls[0][message_ids][]' parameter in '/supportboard/include/ajax.php' endpoint.

Affected Products

Vendor	Product	Versions
Schiocco	Support Board	0

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-support-board-schiocco(patch)

Related News (1 articles)

Tier C

VulDB5h ago

CVE-2026-4815 | Schiocco Support Board up to 3.7.7 Parameter ajax.php calls[0][message_ids][] sql injection

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-89

Published3/25/2026

Last enriched4h agov2

Trending Score45

Source articles2

Independent1

Info Completeness7/14

Missing: cvss, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Version History

Last enriched 4h ago

v2Tier C4h ago

Updated severity to CRITICAL, marked as actively exploited, and provided a more detailed description of the vulnerability.

descriptionseverityactivelyExploited

via VulDB

v15h ago

Initial creation