2 matches found
CVE-2026-48233 Open ISES Tickets < 3.44.2 SQL Injection via ajax/sit_incidents.php offset Parameter
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sitincidents.php where the offset GET parameter is concatenated into the LIMIT clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, o...
EUVD-2025-38356
The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to SQL Injection via the 'posttypes' parameter in all versions up to, and including, 3.40.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...