CVE ID :CVE-2026-48235 Published : May 21, 2026, 6:16 p.m. | 41 minutes ago Description :Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracking service XML/JSON responses (InstaMapper and Google Latitude integration) are concatenated into UPDATE and INSERT statements without sanitization. An attacker able to compromise or impersonate the remote GPS tracker endpoint can inject SQL to manipulate the responder location, tracks, and assignment tables. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...