Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in db_loader.php where the multiple POST parameters (ticketsdb, ticketshost, ticketsuser, ticketspassword) are concatenated into mysqli connection arguments and dynamic SQL operating against an attacker-controlled database without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents.
AnalysisAI
SQL injection in Open ISES Tickets before 3.44.2 allows authenticated attackers to manipulate database queries via unsanitized POST parameters (ticketsdb, ticketshost, ticketsuser, ticketspassword) in db_loader.php, enabling read, modification, or destruction of database contents. The vendor confirms this is one of 19 SQL injection flaws patched in v3.44.2, reported by VulnCheck. No public exploit identified at time of analysis, and the vulnerability requires low-privilege authentication (PR:L per CVSS 4.0 vector).
Technical ContextAI
Open ISES Tickets is a PHP-based ticketing/mapping application that uses MySQLi for database connectivity. The root cause is CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), where db_loader.php concatenates user-controlled POST parameters directly into mysqli connection arguments and dynamic SQL statements without parameterization or input sanitization. Per the CPE string cpe:2.3:a:open_ises:tickets:*, all versions of the tickets product prior to 3.44.2 are affected, and the v3.44.2 release notes confirm a sweeping security overhaul addressing 19 SQLi flaws across 11 files alongside 69 XSS issues, hardcoded secret removal, and SSL validation fixes.
RemediationAI
Vendor-released patch: upgrade to Open ISES Tickets version 3.44.2 or later, available at https://github.com/openises/tickets/releases/tag/v3.44.2, which addresses this and 87 other security issues; the specific fix commit is https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff. Docker deployments can upgrade with 'docker compose pull && docker compose up -d', while traditional installs should extract the new zip over the existing install and run the installer in Upgrade mode. If immediate patching is not possible, restrict access to db_loader.php at the web server or WAF layer (e.g., deny POST requests to /db_loader.php from untrusted networks) and tighten authentication to limit which users can reach the database loader endpoint - note that blocking db_loader.php may break legitimate database configuration workflows and require admin involvement to reconfigure.
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Rated critical severity (C
Roundcube Webmail contains a critical PHP object deserialization vulnerability (CVE-2025-49113, CVSS 9.9) that allows au
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP c
Palo Alto Networks PAN-OS management web interface contains an authentication bypass allowing unauthenticated attackers
Nagios XI version xi-5.7.5 is affected by OS command injection. Rated high severity (CVSS 8.8), this vulnerability is re
Nagios XI version xi-5.7.5 is affected by OS command injection. Rated high severity (CVSS 8.8), this vulnerability is re
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1
NetAlertX (formerly PiAlert) versions 23.01.14 through 24.x before 24.10.12 allow unauthenticated command injection thro
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31318
GHSA-4837-8524-277g