Description
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in portal/ajax/list_requests.php where the sort and dir GET parameters are concatenated into the ORDER BY clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents.
Published: 2026-05-21
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the portal/ajax/list_requests.php script, where the sort and dir GET parameters are concatenated directly into the ORDER BY clause without sanitization. This allows an attacker who is authenticated to the application to control the query order and inject arbitrary SQL, potentially reading, modifying, or deleting database records, thereby compromising data confidentiality, integrity, and availability.

Affected Systems

Open ISES Tickets application versions prior to 3.44.2 are affected. The issue is present in all installations using the unsecured portal/ajax/list_requests.php endpoint.

Risk and Exploitability

The CVSS score of 7.1 indicates a high severity flaw. EPSS data is not available, and the vulnerability is not listed in CISA KEV. The likely attack vector requires authenticated access to the application; an attacker can supply crafted sort and dir values in the URL, resulting in an arbitrary SQL execution attack. Because no additional privileges are required beyond normal user authentication, the risk to organizations that rely on this product is significant if the affected version remains in use.

Generated by OpenCVE AI on May 21, 2026 at 18:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Open ISES Tickets to version 3.44.2 or later, where the ORDER BY parameters are properly validated.
  • Limit access to the portal/ajax/list_requests.php endpoint to only users with necessary privileges.
  • Ensure that the application uses parameterized queries or input sanitization for all ORDER BY inputs.

Generated by OpenCVE AI on May 21, 2026 at 18:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 21 May 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 21 May 2026 17:45:00 +0000

Type Values Removed Values Added
Description Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in portal/ajax/list_requests.php where the sort and dir GET parameters are concatenated into the ORDER BY clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents.
Title Open ISES Tickets < 3.44.2 SQL Injection via portal/ajax/list_requests.php sort and dir Parameters
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-21T17:53:51.160Z

Reserved: 2026-05-21T13:15:18.101Z

Link: CVE-2026-48234

cve-icon Vulnrichment

Updated: 2026-05-21T17:53:47.160Z

cve-icon NVD

Status : Deferred

Published: 2026-05-21T18:16:20.180

Modified: 2026-05-21T19:10:12.323

Link: CVE-2026-48234

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-21T18:30:16Z

Weaknesses