PT-2026-27776 · Unknown · Support Board

Published: 2026-03-25 · Updated: 2026-03-25 · CVE-2026-4815

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Support Board version 3.7.7

Description

A SQL Injection issue exists in Support Board. This allows an attacker to retrieve, create, update, and delete database information. The vulnerability is located in the '/supportboard/include/ajax.php' API endpoint, specifically through the calls[0][message ids][] parameter.

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the '/supportboard/include/ajax.php' endpoint. Avoid using the calls[0][message ids][] parameter in the affected API endpoint until the issue is resolved.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2026-4815

Affected Products

Support Board