Which versions of Open ISES Tickets are affected by EUVD-2026-31314?

Open ISES Tickets versions prior to 3.44.2 contain a SQL injection vulnerability allowing authenticated users to read, modify, or destroy database contents, directly threatening organizational data…. A patch is available.

Open ISES Tickets EUVD-2026-31314

Q: What is the CVSS score of EUVD-2026-31314?

EUVD-2026-31314 has a CVSS 4.0 base score of 7.1 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-48232 HIGH

SQL Injection (CWE-89)

2026-05-21 VulnCheck

GHSA-8jmr-cmr6-c62j

PHP SQLi

7.1

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Source Code Evidence Fetched

May 21, 2026 - 18:33 vuln.today

Analysis Generated

May 21, 2026 - 18:33 vuln.today

DescriptionNVD

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsit_incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents.

AnalysisAI

SQL injection in Open ISES Tickets versions prior to 3.44.2 allows authenticated attackers to manipulate database queries through the unsanitized offset parameter in ajax/fullsit_incidents.php. The flaw enables reading, modifying, or destroying database contents and is part of a broader v3.44.2 security release that patched 19 SQL injection issues. …

RemediationAI

Within 24 hours: Inventory all Open ISES Tickets instances and document current versions; identify systems running pre-3.44.2 releases. Within 7 days: Test and validate Open ISES Tickets version 3.44.2 in a staging environment for compatibility. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-31314 vulnerability details – vuln.today

Back

Open ISES Tickets EUVD-2026-31314

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Open ISES Tickets EUVD-2026-31314

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code