
Open ISES Tickets EUVD-2026-31317

CVE-2026-48237
Severity: HIGH (CVSS 4.0 score 7.1)
Weakness: SQL Injection (CWE-89)
2026-05-21 | VulnCheck | GHSA-9cj2-jwj2-wxcc

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

Source Code Evidence Fetched: May 21, 2026 - 18:35 (vuln.today)
Analysis Generated: May 21, 2026 - 18:35 (vuln.today)

Description (NVD)

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frm_ticket_id and frm_resp_id POST parameters are concatenated into WHERE clauses of SELECT/UPDATE statements without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents.
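
The pattern described above, next to a hardened handler, as an added example (not code from Open ISES Tickets or from this advisory). The messages table, its columns, the function names and the in-memory SQLite database are assumptions made so the script runs offline; only the two POST parameter names come from the advisory.

```php
<?php
// Added illustration; NOT the Open ISES Tickets source. Schema and function names are hypothetical.
declare(strict_types=1);

// Accept only a positive decimal integer; anything else yields null.
function post_id(array $post, string $key): ?int
{
    $v = filter_var($post[$key] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $v === false ? null : $v;
}

// Pattern named in the advisory: POST values become part of the SQL text.
function mark_read_unsafe(PDO $db, array $post): int
{
    return $db->exec('UPDATE messages SET is_read = 1 WHERE resp_id = ' . $post['frm_resp_id']
        . ' AND ticket_id = ' . $post['frm_ticket_id']);
}

// Hardened form: reject non-integers, then bind the values as parameters.
function mark_read_safe(PDO $db, array $post): int
{
    $ticket = post_id($post, 'frm_ticket_id');
    $resp   = post_id($post, 'frm_resp_id');
    if ($ticket === null || $resp === null) {
        throw new InvalidArgumentException('frm_ticket_id and frm_resp_id must be positive integers');
    }
    $stmt = $db->prepare('UPDATE messages SET is_read = 1 WHERE resp_id = :r AND ticket_id = :t');
    $stmt->execute([':r' => $resp, ':t' => $ticket]);
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, ticket_id INT, resp_id INT, is_read INT DEFAULT 0)');
$db->exec('INSERT INTO messages (ticket_id, resp_id) VALUES (1, 10), (2, 20), (3, 30)');

// Constructed sample input: a value that is not an integer and changes the WHERE clause.
$constructed = ['frm_ticket_id' => '1 OR 1=1', 'frm_resp_id' => '10'];
printf("unsafe: %d row(s) changed\n", mark_read_unsafe($db, $constructed));
$db->exec('UPDATE messages SET is_read = 0');  // reset between runs

try {
    mark_read_safe($db, $constructed);
} catch (InvalidArgumentException $e) {
    printf("safe: rejected (%s)\n", $e->getMessage());
}
printf("safe: %d row(s) changed\n", mark_read_safe($db, ['frm_ticket_id' => '1', 'frm_resp_id' => '10']));
```

Integer validation and parameter binding are independent controls here: binding alone keeps the value out of the SQL text, and validation lets the handler reject and log malformed identifiers before any query runs.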

Analysis (AI)

SQL injection in Open ISES Tickets before 3.44.2 allows authenticated attackers to manipulate backend database queries via the message.php endpoint, enabling unauthorized read, modification, or destruction of database contents. The flaw stems from unsanitized concatenation of the frm_ticket_id and frm_resp_id POST parameters into SELECT and UPDATE statements. …


Remediation (AI)

Within 24 hours: Identify all systems running Open ISES Tickets prior to version 3.44.2 and document data sensitivity. Within 7 days: Apply the vendor-released patch by upgrading to version 3.44.2 or later. …

