Which versions of Open ISES Tickets are affected by EUVD-2026-31318?

Open ISES Tickets versions prior to 3.44.2 contain a SQL injection vulnerability accessible to authenticated users that could allow unauthorized database access or modification.. A patch is available.

How to fix or mitigate EUVD-2026-31318?

Within 24 hours: Identify all Open ISES Tickets installations and document their current versions. Within 7 days: Upgrade all affected instances to v3.44.2 or later. Within 30 days: Review application logs and database audit trails for suspicious query patterns or unauthorized access attempts during the vulnerability exposure period.

Open ISES Tickets EUVD-2026-31318

Q: What is the CVSS score of EUVD-2026-31318?

EUVD-2026-31318 has a CVSS 4.0 base score of 7.1 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-48236 HIGH

SQL Injection (CWE-89)

2026-05-21 VulnCheck

GHSA-4837-8524-277g

PHP SQLi

7.1

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Source Code Evidence Fetched

May 21, 2026 - 18:34 vuln.today

Analysis Generated

May 21, 2026 - 18:34 vuln.today

DescriptionNVD

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in db_loader.php where the multiple POST parameters (ticketsdb, ticketshost, ticketsuser, ticketspassword) are concatenated into mysqli connection arguments and dynamic SQL operating against an attacker-controlled database without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents.

AnalysisAI

SQL injection in Open ISES Tickets before 3.44.2 allows authenticated attackers to manipulate database queries via unsanitized POST parameters (ticketsdb, ticketshost, ticketsuser, ticketspassword) in db_loader.php, enabling read, modification, or destruction of database contents. The vendor confirms this is one of 19 SQL injection flaws patched in v3.44.2, reported by VulnCheck. …

RemediationAI

Within 24 hours: Identify all Open ISES Tickets installations and document their current versions. Within 7 days: Upgrade all affected instances to v3.44.2 or later. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-31318 vulnerability details – vuln.today

Back

Open ISES Tickets EUVD-2026-31318

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Open ISES Tickets EUVD-2026-31318

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code