Description
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsit_incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents.
Published: 2026-05-21
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Open ISES Tickets before version 3.44.2 contains a SQL injection flaw in the ajax/fullsit_incidents.php file where the offset GET parameter is concatenated directly into the LIMIT clause of a SELECT query without any sanitization. Because the query is executed in the context of an authenticated session, an attacker can craft requests that alter the semantics of the query and retrieve, modify, or delete data from the database. The weakness corresponds to CWE‑89 and compromises the confidentiality, integrity, and potentially the availability of the system if destructive operations are performed.

Affected Systems

All installations of Open ISES Tickets running any version prior to 3.44.2 are affected. The vulnerability applies to the public‑facing AJAX endpoint provided by the application and requires the attacker to be an authenticated user within the system.

Risk and Exploitability

The CVSS base score of 7.1 indicates a high severity of the flaw. While the EPSS score is currently not available, the vulnerability is listed as not part of the CISA KEV catalog, suggesting no publicly known exploits at the time of this assessment. The likely attack vector involves a legitimate, authenticated web request to the affected endpoint; therefore the exploitation risk is significant but confined to users with legitimate credentials. Prompt remediation is recommended to mitigate the potential for data exfiltration and corruption.

Generated by OpenCVE AI on May 21, 2026 at 18:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Open ISES Tickets to version 3.44.2 or later, which removes the vulnerable offset handling.
  • Disable or restrict access to the ajax/fullsit_incidents.php endpoint so that only explicitly authorized roles can invoke it.
  • Implement input validation for the offset GET parameter to ensure it contains only valid integer values before inclusion in the LIMIT clause.

Generated by OpenCVE AI on May 21, 2026 at 18:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 21 May 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 21 May 2026 17:45:00 +0000

Type Values Removed Values Added
Description Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsit_incidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents.
Title Open ISES Tickets < 3.44.2 SQL Injection via ajax/fullsit_incidents.php offset Parameter
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-21T18:14:45.263Z

Reserved: 2026-05-21T13:15:18.101Z

Link: CVE-2026-48232

cve-icon Vulnrichment

Updated: 2026-05-21T18:14:32.255Z

cve-icon NVD

Status : Deferred

Published: 2026-05-21T18:16:19.927

Modified: 2026-05-21T19:10:12.323

Link: CVE-2026-48232

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-21T19:00:14Z

Weaknesses