Vulnerabilities

Report: CVE-2026-48239 - Open ISES Tickets < 3.44.2 SQL Injection via ajax/reports.php tick_id Parameter - Guide

2026-05-21 0 views admin

CVE ID :CVE-2026-48239 Published : May 21, 2026, 6:16 p.m. | 41 minutes ago Description :Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/reports.php where the tick_id POST parameter is concatenated into the WHERE clause of SELECT statements in the incidents summary report without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents. Severity: 7.1 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-48239

Severity

HIGH

Published

May 21, 2026

Affected Product: php

Impact: SQL injection

🏷️ Tags

report48239ticketsinjectionreportstick_idparameterguidecvesql injection

InfinitSec - Latest Cybersecurity, Technology & Gaming News

Report: CVE-2026-48239 - Open ISES Tickets < 3.44.2 SQL Injection via ajax/reports.php tick_id Parameter - Guide

CVE Details

🏷️ Tags

More from Vulnerabilities

Report: Ultimate Guide: CVE-2026-46473 - Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand

Report: CVE-2026-8134 - Concrete CMS 9.5.0 and below is vulnerable to Authenticated RCE via Composer cust

Report: CVE-2026-47114 - IINA < 1.4.3 Command Execution via iina://open URL Scheme

Report: Complete Guide to CVE-2026-4843 - GSheet For Woo Importer <= 2.3.1 - missing authorization to authenticated (subscr...

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting