This vulnerability involves improper neutralization of special elements in SQL commands within JoomSky JS Help Desk (js-support-ticket), enabling blind SQL injection attacks. It affects versions up to and including 3.0.1. The vulnerability can be exploited remotely over the network by an attacker with low privileges and does not require user interaction. The CVSS 3.1 score is 8.5, reflecting high confidentiality impact, no integrity impact, and low availability impact.

Successful exploitation could allow an attacker to extract sensitive information from the backend database without altering data or causing significant denial of service. The confidentiality impact is high, while integrity impact is none and availability impact is low. There are no reports of active exploitation in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is provided, users should monitor the vendor's communications for updates. Until a fix is available, consider restricting access to the affected application and applying web application firewall rules to detect and block SQL injection attempts specific to this product.