Lucene search
K

6 matches found

Vulnrichment
Vulnrichment
added 2026/05/21 5:11 p.m.10 views

CVE-2026-48246 Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in ajax/reports.php

Open ISES Tickets before 3.44.2 disables TLS certificate verification in ajax/reports.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests for Google Maps Directions API lookups during incident report generation. An attacker...

8.2CVSS5.9AI score0.00169EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/21 5:11 p.m.53 views

CVE-2026-48246 Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in ajax/reports.php

Open ISES Tickets before 3.44.2 disables TLS certificate verification in ajax/reports.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests for Google Maps Directions API lookups during incident report generation. An attacker...

8.2CVSS0.00169EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/21 5:10 p.m.10 views

EUVD-2026-31320

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/reports.php where the tickid POST parameter is concatenated into the WHERE clause of SELECT statements in the incidents summary report without sanitization. Authenticated attackers can craft requests that alter query...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References3
CVE
CVE
added 2026/05/21 5:10 p.m.18 views

CVE-2026-48239

Open ISES Tickets contains a SQL injection vulnerability in ajax/reports.php: the tick_id POST parameter is directly concatenated into the WHERE clause of the incidents summary report queries without sanitization. This allows authenticated attackers to influence query semantics and potentially re...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.12 views

tickets SQL注入漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from the POST parameter tickid being directly concatenated into the WHERE clause of the SELEC...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.13 views

tickets 信任管理问题漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a vulnerability related to trust management. This vulnerability stemmed from the disabling of TLS certificate verification in the ajax/reports.php file...

8.2CVSS5.8AI score0.00169EPSS
Exploits0References1
Rows per page
Query Builder