Lucene search
11 matches found

NVD
added 2026/05/21 6:16 p.m. | 8 views

CVE-2026-48245

Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in tables.php that is committed to the public source repository. The key can be extracted by anyone with read access to the source and used to make Google Maps Platform requests billed against the original owner's Google Cloud...

CVSS: 6.9 | EPSS: 0.00037
Exploits: 0 | References: 3
NVD
added 2026/05/21 6:16 p.m. | 5 views

CVE-2026-48231

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in tables.php where the multiple POST parameters tablename, indexname, sortby are concatenated into table/column identifiers in dynamically constructed SELECT/UPDATE/DELETE statements without sanitization. Authenticated...

CVSS: 7.1 | EPSS: 0.00027
Exploits: 0 | References: 3
Cvelist
added 2026/05/21 5:11 p.m. | 31 views

CVE-2026-48245 Open ISES Tickets < 3.44.2 Hardcoded Google Maps API Key in tables.php

Open ISES Tickets before 3.44.2 embeds a hardcoded Google Maps API key in tables.php that is committed to the public source repository. The key can be extracted by anyone with read access to the source and used to make Google Maps Platform requests billed against the original owner's Google Cloud...

CVSS: 6.9 | EPSS: 0.00037
Exploits: 0 | References: 3
ATTACKERKB
added 2026/05/21 5:10 p.m. | 1 views

CVE-2026-48231

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in tables.php where the multiple POST parameters tablename, indexname, sortby are concatenated into table/column identifiers in dynamically constructed SELECT/UPDATE/DELETE statements without sanitization. Authenticated...

CVSS: 7.1 | AI score: 5.9 | EPSS: 0.00027
Exploits: 0 | References: 4
EUVD
added 2026/05/21 5:10 p.m. | 2 views

EUVD-2026-31311

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in tables.php where the multiple POST parameters tablename, indexname, sortby are concatenated into table/column identifiers in dynamically constructed SELECT/UPDATE/DELETE statements without sanitization. Authenticated...

CVSS: 7.1 | AI score: 5.9 | EPSS: 0.00027
Exploits: 0 | References: 3
Positive Technologies
added 2026/05/21 12:0 a.m. | 4 views

PT-2026-42509

Name of the Vulnerable Software and Affected Versions: Open ISES Tickets versions prior to 3.44.2. Description: An issue exists in the 'tables.php' endpoint where multiple POST parameters, specifically tablename, indexname, and sortby, are concatenated into table or column identifiers within...

CVSS: 7.1 | AI score: 5.9 | EPSS: 0.00027
Exploits: 0 | References: 5
Tenable Nessus
added 2025/08/26 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-40619

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directl...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.03455
Exploits: 0 | References: 2
Veracode
added 2024/03/05 10:51 a.m. | 13 views

Deserialization Of Untrusted Data

phpPgAdmin is vulnerable to a deserialization flaw in untrusted data, potentially leading to remote code execution. The vulnerability is due to user-controlled data being directly passed to the PHP 'unserialize' function in multiple instances. For example, the 'ma' POST parameter in the...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.03455
Exploits: 0 | References: 3 | Affected Software: 1
NVD
added 2023/09/20 6:15 p.m. | 9 views

CVE-2023-40619

phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the...

CVSS: 9.8 | AI score: 9.9 | EPSS: 0.03455
Exploits: 0 | References: 2
ATTACKERKB
added 2023/09/20 6:15 p.m. | 1 views

CVE-2023-40619

phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the...

CVSS: 9.8 | AI score: 8.1 | EPSS: 0.03455
Exploits: 0 | References: 3
Debian CVE
added 2023/09/20 12:0 a.m. | 57 views

CVE-2023-40619

phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the...

CVSS: 9.8 | AI score: 9.9 | EPSS: 0.03455
Exploits: 0