Description
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frm_ticket_id and frm_resp_id POST parameters are concatenated into WHERE clauses of SELECT/UPDATE statements without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents.
Published: 2026-05-21
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in message.php where the frm_ticket_id and frm_resp_id POST parameters are concatenated directly into SQL WHERE clauses without any input sanitization. This allows an attacker to alter the semantics of SELECT, UPDATE or DELETE statements, enabling them to read sensitive data, modify existing records, or delete database contents. The weakness is a classic SQL injection flaw (CWE-89).

Affected Systems

Open ISES Tickets versions earlier than 3.44.2 are affected. The vulnerability impacts the core ticket management functionality exposed by message.php in these releases.

Risk and Exploitability

The CVSS score of 7.1 indicates a high level of risk. The EPSS score is not available, and the vulnerability is not listed in CISA KEV. The likely attack vector requires an authenticated user to submit crafted POST requests, so the exposure is limited to legitimate users or compromised credentials rather than arbitrary remote users.

Generated by OpenCVE AI on May 21, 2026 at 18:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Open ISES Tickets to version 3.44.2 or later to apply the vendor‑supplied fix.
  • Restrict access to message.php to only users who truly need it, and remove or secure any functionality that allows arbitrary POST parameters if an upgrade is not yet possible.
  • Implement input validation or use parameterized queries for frm_ticket_id and frm_resp_id to prevent future injection attacks.

Generated by OpenCVE AI on May 21, 2026 at 18:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 21 May 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 21 May 2026 17:45:00 +0000

Type Values Removed Values Added
Description Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frm_ticket_id and frm_resp_id POST parameters are concatenated into WHERE clauses of SELECT/UPDATE statements without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents.
Title Open ISES Tickets < 3.44.2 SQL Injection via message.php frm_ticket_id and frm_resp_id Parameters
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-21T18:55:11.468Z

Reserved: 2026-05-21T13:15:18.101Z

Link: CVE-2026-48237

cve-icon Vulnrichment

Updated: 2026-05-21T18:53:15.739Z

cve-icon NVD

Status : Deferred

Published: 2026-05-21T18:16:20.570

Modified: 2026-05-21T19:10:12.323

Link: CVE-2026-48237

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-21T18:45:17Z

Weaknesses