12 matches found
CVE-2026-48237 Open ISES Tickets < 3.44.2 SQL Injection via message.php frm_ticket_id and frm_resp_id Parameters
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frm_ticket_id and frm_resp_id POST parameters are concatenated into WHERE clauses of SELECT/UPDATE statements without sanitization. Authenticated attackers can craft requests that alter query semantics to...
EUVD-2026-31317
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frm_ticket_id and frm_resp_id POST parameters are concatenated into WHERE clauses of SELECT/UPDATE statements without sanitization. Authenticated attackers can craft requests that alter query semantics to...
CVE-2026-48237
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frm_ticket_id and frm_resp_id POST parameters are concatenated into WHERE clauses of SELECT/UPDATE statements without sanitization. Authenticated attackers can craft requests that alter query semantics to...
PT-2026-42515
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frm_ticket_id and frm_resp_id POST parameters are concatenated into WHERE clauses of SELECT/UPDATE statements without sanitization. Authenticated attackers can craft requests that alter query semantics...
PT-2025-38322
Name of the Vulnerable Software and Affected Versions: itsourcecode Online Discussion Forum version 1.0. Description: A SQL injection weakness exists in the file /members/compose_msg.php due to the manipulation of the ID argument. This issue is exploitable remotely. The exploit has been made publicl...
CVE-2011-3704
appRain 0.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by cron.php...
CVE-2024-0722
A vulnerability was found in code-projects Social Networking Site 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file message.php of the component Message Page. The manipulation of the argument Story leads to cross site scripting. The attack may be...
SUSE CVE-2009-0930
Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 4.2.2 and 4.3.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) smime.php, (2) pgp.php, and (3) message.php...
CVE-2021-38732
SEMCMS SHOP v 1.1 is vulnerable to SQL via AntMessage.php...
Private Message PHP Script 2.0 - Persistent Cross-Site scripting Vulnerability
Exploit for php platform in category web applications. Exploit Title: Private Message PHP Script 2.0 - Persistent Cross-Site scripting; Exploit Author: Borna nematzadeh L0RD; Vendor Homepage: https://codecanyon.net/item/private-message-php-script/21027192?srank=1; Version: 2.0; Tested on: Windows...
SQL Injection Vulnerability in zzcms 8.2 user/msg.php File
zzcms is an enterprise website builder program. An SQL injection vulnerability exists in the user/msg.php file of zzcms version 8.2, which can be exploited by attackers to access or modify database information...
Cross-site scripting vulnerability in phpaacms
phpaaCMS is a simple article management system. A cross-site scripting vulnerability exists in the message.php message board area, which can be exploited by an attacker to insert a cross-site script statement, resulting in a cross-site attack...