CVE-2026-48239
Deferred Deferred - Pending Action
SQL Injection in Open ISES Tickets

Publication date: 2026-05-21

Last updated on: 2026-05-21

Assigner: VulnCheck

Description
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/reports.php where the tick_id POST parameter is concatenated into the WHERE clause of SELECT statements in the incidents summary report without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-21
Last Modified
2026-05-21
Generated
2026-06-11
AI Q&A
2026-05-21
EPSS Evaluated
2026-06-10
NVD
CVE-2026-48239
EUVD
EUVD-2026-31320
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-89 The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows authenticated attackers to read, modify, or delete database contents by exploiting a SQL injection flaw. Such unauthorized access and manipulation of data can lead to breaches of sensitive information.

This kind of data compromise can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and alteration.

Detection Guidance

This vulnerability can be detected by monitoring and analyzing HTTP POST requests to the ajax/reports.php endpoint, specifically looking for suspicious or malformed tick_id parameters that may indicate SQL injection attempts.

Since the vulnerability requires authentication, detection involves reviewing authenticated traffic for unusual patterns or testing the endpoint with crafted tick_id values to observe if the backend database is affected.

A common approach is to use tools like curl or Burp Suite to send test POST requests with SQL injection payloads in the tick_id parameter and observe the responses for errors or unexpected behavior.

  • Example curl command to test for SQL injection:
  • curl -X POST -d "tick_id=1' OR '1'='1" -b cookies.txt https://target-domain/ajax/reports.php
  • Replace 'cookies.txt' with a file containing valid authentication cookies.
  • Look for SQL error messages or unexpected data in the response indicating the injection was successful.
Executive Summary

CVE-2026-48239 is a SQL injection vulnerability found in Open ISES Tickets versions before 3.44.2, specifically in the ajax/reports.php file.

The vulnerability occurs because the tick_id POST parameter is directly concatenated into the WHERE clause of SQL SELECT statements without proper sanitization or neutralization of special characters.

This allows authenticated attackers to craft malicious requests that alter the intended SQL query behavior.

As a result, attackers can manipulate the database queries to read, modify, or delete database contents.

Impact Analysis

This vulnerability can have serious impacts including unauthorized access to sensitive data stored in the database.

Attackers can modify or delete data, which could lead to data loss, corruption, or disruption of services.

Because the attacker must be authenticated, the risk is limited to users with some level of access, but the damage can still be significant.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Open ISES Tickets to version 3.44.2 or later, where the issue has been fixed.

The vulnerability is caused by improper sanitization of the tick_id POST parameter in ajax/reports.php, so applying the official patch or update will neutralize this risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-48239. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart