SQL Injection vulnerability in Support Board

Description

A vulnerability was found in Schiocco Support Board up to 3.7.7. It has been declared as critical. The affected element is an unknown function of the file /supportboard/include/ajax.php of the component Parameter Handler. Executing a manipulation of the argument calls[0][message_ids][] can lead to sql injection. This vulnerability appears as CVE-2026-4815. The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.

Affected Products

Vendor	Product	Versions
Schiocco	Support Board	0

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-support-board-schiocco(patch)

Related News (1 articles)

Tier C

VulDB3h ago

CVE-2026-4815 | Schiocco Support Board up to 3.7.7 Parameter ajax.php calls[0][message_ids][] sql injection

→ No new info (linked only)

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-89

Published3/25/2026

Last enriched2h agov2

Trending Score41

Source articles2

Independent1

Info Completeness7/14

Missing: cvss, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Version History

Last enriched 2h ago

v2Tier C2h ago

Updated severity to CRITICAL, marked as actively exploited, and provided a more detailed description of the vulnerability.

descriptionseverityactivelyExploited

via VulDB

v14h ago

Initial creation