2 matches found
CVE-2026-48240
creationtimestamp| type| source ---|---|--- 2026-05-21 19:32:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmf5w6wh5e2c...
CVE-2026-48240 Open ISES Tickets < 3.44.2 SQL Injection via ajax/statistics.php tick_id and f_tick_id Parameters
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/statistics.php where the tickid and ftickid POST parameters are concatenated into WHERE clauses of SELECT statements in the statistics rollup queries without sanitization. Authenticated attackers can craft requests tha...