Lucene search
K

5 matches found

NVD
NVD
added 2026/05/21 6:16 p.m.13 views

CVE-2026-48238

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/mobilemain.php where the id GET parameter is concatenated into the WHERE clause of a SELECT statement used as a ticket-existence sanity check without sanitization. Authenticated attackers can craft requests that alter...

7.1CVSS0.00214EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/21 5:10 p.m.6 views

CVE-2026-48238 Open ISES Tickets < 3.44.2 SQL Injection via ajax/mobile_main.php id Parameter

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/mobilemain.php where the id GET parameter is concatenated into the WHERE clause of a SELECT statement used as a ticket-existence sanity check without sanitization. Authenticated attackers can craft requests that alter...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/21 5:10 p.m.6 views

CVE-2026-48238

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/mobilemain.php where the id GET parameter is concatenated into the WHERE clause of a SELECT statement used as a ticket-existence sanity check without sanitization. Authenticated attackers can craft requests that alter...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/21 5:10 p.m.10 views

EUVD-2026-31319

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/mobilemain.php where the id GET parameter is concatenated into the WHERE clause of a SELECT statement used as a ticket-existence sanity check without sanitization. Authenticated attackers can craft requests that alter...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

tickets SQL注入漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a SQL injection vulnerability. This vulnerability stemmed from the direct concatenation of the id GET parameter in the ajax/mobilemain.php file into th...

7.1CVSS5.9AI score0.00214EPSS
Exploits0References1
Rows per page
Query Builder