Vulnerabilities

Report: CVE-2026-48234 - Open ISES Tickets < 3.44.2 SQL Injection via portal/ajax/list_requests.php sort

2026-05-21 0 views admin

CVE ID :CVE-2026-48234 Published : May 21, 2026, 6:16 p.m. | 41 minutes ago Description :Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in portal/ajax/list_requests.php where the sort and dir GET parameters are concatenated into the ORDER BY clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-48234

Severity

HIGH

Published

May 21, 2026

Affected Product: php

Impact: SQL injection

🏷️ Tags

report48234ticketsinjectionportallist_requestspublishedminutescvesql injection

InfinitSec - Latest Cybersecurity, Technology & Gaming News

Report: CVE-2026-48234 - Open ISES Tickets < 3.44.2 SQL Injection via portal/ajax/list_requests.php sort

CVE Details

🏷️ Tags

More from Vulnerabilities

Report: Ultimate Guide: CVE-2026-46473 - Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand

Report: CVE-2026-8134 - Concrete CMS 9.5.0 and below is vulnerable to Authenticated RCE via Composer cust

Report: CVE-2026-47114 - IINA < 1.4.3 Command Execution via iina://open URL Scheme

Report: Complete Guide to CVE-2026-4843 - GSheet For Woo Importer <= 2.3.1 - missing authorization to authenticated (subscr...

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting