HarborGuard / CVE
Back to search
HIGHCVE-2026-48240Published Modified CNA VulnCheck

CVE-2026-48240: Open ISES Tickets < 3.44.2 SQL Injection via ajax/statistics.php tick_id and f_tick_id Parameters

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/statistics.php where the tick_id and f_tick_id POST parameters are concatenated into WHERE clauses of SELECT statements in the statistics rollup queries without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents.

Metrics

CVSS v4.0
7.1
Severity
HIGH
Fixed in
3.44.2
Affected Products
1

Fix available

3.44.2
Patch commits
Affected packages
  • Open ISES / Tickets
    < 3.44.2 (from 0)
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
References