Which versions of Open ISES Tickets are affected by CVE-2026-48233?

Open ISES Tickets versions prior to 3.44.2 contain a SQL injection vulnerability accessible to authenticated users that enables unauthorized database manipulation and potential exposure of sensitive…. A patch is available.

How to fix or mitigate CVE-2026-48233?

Within 24 hours: Inventory all instances of Open ISES Tickets and document current versions. Within 7 days: Apply vendor patch and upgrade all affected systems to Open ISES Tickets 3.44.2 or later. Within 30 days: Perform full database integrity audit and review application logs for suspicious query patterns dating back to deployment of the affected version.

Open ISES Tickets CVE-2026-48233

Q: What is the CVSS score of CVE-2026-48233?

CVE-2026-48233 has a CVSS 4.0 base score of 7.1 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-31313 HIGH

SQL Injection (CWE-89)

2026-05-21 VulnCheck

GHSA-98vj-g6hr-4rr2

PHP SQLi

7.1

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Source Code Evidence Fetched

May 21, 2026 - 18:32 vuln.today

Analysis Generated

May 21, 2026 - 18:32 vuln.today

DescriptionNVD

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sit_incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents.

AnalysisAI

SQL injection in Open ISES Tickets prior to 3.44.2 allows authenticated attackers to manipulate database queries via the unsanitized 'offset' GET parameter in ajax/sit_incidents.php, which is concatenated directly into a LIMIT clause. Successful exploitation enables reading, modifying, or destroying database contents. …

RemediationAI

Within 24 hours: Inventory all instances of Open ISES Tickets and document current versions. Within 7 days: Apply vendor patch and upgrade all affected systems to Open ISES Tickets 3.44.2 or later. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-48233 vulnerability details – vuln.today

Back

Open ISES Tickets CVE-2026-48233

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Open ISES Tickets CVE-2026-48233

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code