2 matches found
CVE-2026-48239
Open ISES Tickets contains a SQL injection vulnerability in ajax/reports.php: the tick_id POST parameter is directly concatenated into the WHERE clause of the incidents summary report queries without sanitization. This allows authenticated attackers to influence query semantics and potentially re...
CVE-2017-12776
SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter...