CVE-2026-48232
SQL Injection in Open ISES Tickets
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-48232 is a SQL injection vulnerability found in Open ISES Tickets versions before 3.44.2. It occurs in the file ajax/fullsit_incidents.php where the 'offset' GET parameter is directly concatenated into the LIMIT clause of a SQL SELECT statement without proper sanitization.
Because of this improper handling, authenticated attackers can craft malicious requests that alter the intended SQL query behavior, allowing them to read, modify, or delete data from the database.
How can this vulnerability impact me? :
This vulnerability can have serious impacts including unauthorized access to sensitive data, modification of database contents, or deletion of important information.
Since attackers need to be authenticated, the risk is limited to users with some level of access, but once exploited, it can compromise the integrity and confidentiality of the database.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious HTTP requests targeting the ajax/fullsit_incidents.php endpoint, specifically those including the 'offset' GET parameter with unusual or crafted values that may indicate SQL injection attempts.
You can use network traffic inspection tools or web server logs to identify such requests.
- Use curl or similar tools to test the endpoint with crafted 'offset' parameters to see if the server responds abnormally.
- Example command to test for SQL injection attempt:
- curl -i -b cookies.txt 'http://target-site/ajax/fullsit_incidents.php?offset=0 UNION SELECT 1,2,3--'
- Check web server logs for repeated or unusual requests to ajax/fullsit_incidents.php with suspicious 'offset' parameter values.
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update Open ISES Tickets to version 3.44.2 or later, where the issue has been fixed.
Until the update can be applied, restrict access to the vulnerable ajax/fullsit_incidents.php endpoint to trusted authenticated users only.
Additionally, monitor and block suspicious requests that attempt to exploit the 'offset' parameter.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows authenticated attackers to read, modify, or delete database contents by exploiting a SQL injection flaw. This unauthorized access and potential alteration of sensitive data can lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require the protection of personal and health information from unauthorized access or modification.
Therefore, if exploited, this vulnerability could result in breaches of confidentiality and integrity of data, potentially causing violations of these common standards and regulations.