Description
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/reports.php where the tick_id POST parameter is concatenated into the WHERE clause of SELECT statements in the incidents summary report without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents.
Published: 2026-05-21
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A direct SQL injection flaw exists in the ajax/reports.php component of Open ISES Tickets. The tick_id POST parameter is concatenated into the WHERE clause of SELECT statements without sanitization. Authenticated users can craft payloads that alter query semantics, allowing them to read sensitive data, modify records, or delete entries within the database.

Affected Systems

Open ISES Tickets installations that use any version prior to 3.44.2 are affected. The issue is present in the open‑source release distributed by Open ISES and can be confirmed by reviewing the commit that introduced the vulnerable code. All users with access to the Ajax reporting endpoint can be impacted.

Risk and Exploitability

The CVSS score of 7.1 (rated High) indicates a moderate to high risk. The exploit probability (EPSS) is not available, and the vulnerability is not listed in the CISA KEV catalog. Because authentication is required, the likely attack vector is an attacker with legitimate login credentials accessing the Ajax reports endpoint. Successful exploitation would compromise the confidentiality, integrity, and availability of the ticketing application's database.

Generated by OpenCVE AI on May 21, 2026 at 19:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Open ISES Tickets v3.44.2 or later, which removes the vulnerable code.
  • Implement parameterized queries or proper input validation for the tick_id parameter to prevent SQL injection.
  • Restrict access to the ajax/reports.php endpoint to only privileged users who require it and monitor for abnormal query activity.
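The second recommended action, shown as an added illustration that is not Open ISES Tickets code: the vulnerable pattern the description names (the tick_id POST value concatenated into a WHERE clause) placed next to a hardened version that validates the value as a positive integer and binds it through a PDO prepared statement. The table name incidents and its columns, the in-memory SQLite database and the sample rows are all constructed for the demo.

```php
<?php
// Added example, not the project's code. Schema and sample data are assumptions.
declare(strict_types=1);

// Vulnerable pattern (the class of defect the advisory describes): whatever arrives in
// the tick_id POST parameter becomes part of the SQL text, so a non-numeric value can
// change the meaning of the WHERE clause instead of being treated as data.
function buildReportQueryUnsafe(string $tickId): string
{
    return "SELECT id, subject, status FROM incidents WHERE tick_id = " . $tickId;
}

// Hardened form: reject anything that is not a positive integer, then pass the value
// to the database as a bound parameter so it can never be parsed as SQL.
function fetchIncidentSummary(PDO $db, mixed $rawTickId): array
{
    $tickId = filter_var($rawTickId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($tickId === false) {
        throw new InvalidArgumentException('tick_id must be a positive integer');
    }
    $stmt = $db->prepare('SELECT id, subject, status FROM incidents WHERE tick_id = :tick_id');
    $stmt->bindValue(':tick_id', $tickId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Self-contained demo against an in-memory SQLite database (constructed data).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE incidents (id INTEGER PRIMARY KEY, tick_id INTEGER, subject TEXT, status TEXT)');
$db->exec("INSERT INTO incidents (tick_id, subject, status) VALUES
           (7, 'Printer offline', 'open'),
           (8, 'VPN drops every hour', 'closed')");

// Simulated request values; in the real endpoint these would come from $_POST['tick_id'].
$validInput   = '7';
$invalidInput = '7abc';   // constructed: not an integer, so the hardened path refuses it

// The unsafe builder happily embeds the raw string in the query text.
echo "Unsafe query text: ", buildReportQueryUnsafe($invalidInput), PHP_EOL;

// The hardened path returns the matching row for valid input ...
print_r(fetchIncidentSummary($db, $validInput));

// ... and fails closed for anything that is not a positive integer.
try {
    fetchIncidentSummary($db, $invalidInput);
} catch (InvalidArgumentException $e) {
    echo "Rejected: ", $e->getMessage(), PHP_EOL;
}
```

The integer check is defence in depth rather than a substitute for binding: even a value that passes validation is still sent as a typed parameter, which is what actually removes the injection. Logging the InvalidArgumentException path with the calling account gives the "abnormal query activity" signal the third recommendation asks for.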


Tracking


Advisories

No advisories yet.

History

Thu, 21 May 2026 18:30:00 +0000

  • Type: Metrics
    Values Removed: (none)
    Values Added: ssvc
    {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 21 May 2026 17:45:00 +0000

  • Type: Description
    Values Removed: (none)
    Values Added: Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/reports.php where the tick_id POST parameter is concatenated into the WHERE clause of SELECT statements in the incidents summary report without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents.
  • Type: Title
    Values Removed: (none)
    Values Added: Open ISES Tickets < 3.44.2 SQL Injection via ajax/reports.php tick_id Parameter
  • Type: Weaknesses
    Values Removed: (none)
    Values Added: CWE-89
  • Type: References
    Values Removed: (none)
    Values Added: (none listed)
  • Type: Metrics
    Values Removed: (none)
    Values Added: cvssV3_1
    {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N'}
    cvssV4_0
    {'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-21T17:47:44.364Z

Reserved: 2026-05-21T13:15:18.101Z

Link: CVE-2026-48239

Vulnrichment

Updated: 2026-05-21T17:47:41.029Z

NVD

Status: Deferred

Published: 2026-05-21T18:16:20.820

Modified: 2026-05-21T19:10:12.323

Link: CVE-2026-48239

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-05-21T19:15:20Z

Weaknesses