This vulnerability in JoomSky JS Help Desk (js-support-ticket) versions up to 2.9.2 is caused by improper neutralization of special elements in SQL commands, enabling SQL Injection attacks. The vulnerability allows remote attackers to execute crafted SQL queries without authentication or user interaction, potentially exposing sensitive data. The CVSS 3.1 vector indicates the attack can be performed over the network with low attack complexity and no privileges required, resulting in a confidentiality breach and minor availability impact. No vendor patch or mitigation guidance has been provided yet.

Successful exploitation can lead to unauthorized disclosure of sensitive information from the backend database due to SQL Injection. The vulnerability does not directly affect integrity but can cause partial denial of service (availability impact is low). There is no evidence of active exploitation in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider limiting exposure of the affected JS Help Desk installation to untrusted networks and monitor for unusual database activity. Avoid public-facing deployment without additional protective controls such as web application firewalls configured to detect SQL Injection attempts.