High severity7.1NVD Advisory· Published May 21, 2026· Updated May 21, 2026
CVE-2026-48237
CVE-2026-48237
Description
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frm_ticket_id and frm_resp_id POST parameters are concatenated into WHERE clauses of SELECT/UPDATE statements without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <3.44.2
Patches
Vulnerability mechanics
References
3News mentions
1- Open ISES Tickets: 25 CVEs Disclosed — SQLi, Hardcoded Credentials, and TLS Verification FlawsVypr Intelligence · May 21, 2026