Vulnerabilities

CVE-2026-48234

by Fred · 21/05/2026

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in portal/ajax/list_requests.php where the sort and dir GET parameters are concatenated into the ORDER BY clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents.

More information : https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff

Similar

Tags: Cybersecurity Alert