Which versions of Open ISES Tickets are affected by EUVD-2026-31320?

Open ISES Tickets versions prior to 3.44.2 contain a SQL injection vulnerability in the incident reporting interface that allows authenticated users to read, modify, or destroy incident data.. A patch is available.

Open ISES Tickets EUVD-2026-31320

Q: What is the CVSS score of EUVD-2026-31320?

EUVD-2026-31320 has a CVSS 4.0 base score of 7.1 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-48239 HIGH

SQL Injection (CWE-89)

2026-05-21 VulnCheck

GHSA-v5r4-5jjv-84fg

PHP SQLi

7.1

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Source Code Evidence Fetched

May 21, 2026 - 18:35 vuln.today

Analysis Generated

May 21, 2026 - 18:35 vuln.today

DescriptionNVD

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/reports.php where the tick_id POST parameter is concatenated into the WHERE clause of SELECT statements in the incidents summary report without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents.

AnalysisAI

SQL injection in Open ISES Tickets before 3.44.2 lets authenticated users tamper with the incidents summary report query via the tick_id POST parameter in ajax/reports.php, enabling arbitrary read, modification, or destruction of database contents. The v3.44.2 release notes confirm the fix was part of a broader security overhaul addressing 19 SQL injection flaws and 69 XSS issues. …

RemediationAI

Within 24 hours: Identify and document all Open ISES Tickets deployments and their current versions. Within 7 days: Upgrade all instances to version 3.44.2 or later; restrict POST access to ajax/reports.php to essential incident response personnel only. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-31320 vulnerability details – vuln.today

Back

Open ISES Tickets EUVD-2026-31320

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Open ISES Tickets EUVD-2026-31320

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code