HIGHVulnerability
Verified
Global
NVD HIGH: CVE-2026-48236 — Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in db_loa...
·Source: NIST NVD
Updated:
Executive Summary
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in db_loader.php where the multiple POST parameters (ticketsdb, ticketshost, ticketsuser, ticketspassword) are concatenated into mysqli connection arguments and dynamic SQL operating against an attacker-controlled database without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modif
Analysis
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in db_loader.php where the multiple POST parameters (ticketsdb, ticketshost, ticketsuser, ticketspassword) are concatenated into mysqli connection arguments and dynamic SQL operating against an attacker-controlled database without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents. CVSS Score: 7.1. Published: 2026-05-21T18:16:20.440.