PT-2026-42512 · Openises · Tickets
Published 2026-05-21 · Updated 2026-05-21 · CVE-2026-48234
| CVSS v3.1 | 7.1 High |
| --- | --- |
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in portal/ajax/list requests.php where the sort and dir GET parameters are concatenated into the ORDER BY clause of a SELECT statement without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents.
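Because column names and sort keywords cannot be bound as query parameters, the usual mitigation for this class of ORDER BY injection is an allow-list. The following is an added example, not the project's code or its actual patch; the column map, the `buildOrderBy` helper and the sample inputs are hypothetical.

```php
<?php
declare(strict_types=1);

// Pattern the description refers to, shown only as a comment (illustrative shape):
//   $sql .= " ORDER BY " . $_GET['sort'] . " " . $_GET['dir'];

// Hypothetical map: accepted request value => real column name.
// This is an assumption for the example, not the Tickets schema.
const SORT_COLUMNS = [
    'id'      => 'r.id',
    'subject' => 'r.subject',
    'updated' => 'r.updated_at',
];

/**
 * Build an ORDER BY clause from untrusted sort/dir values.
 * Only strings taken from the fixed map and the two literal
 * keywords below ever reach the SQL text; the request values
 * are used as lookup keys and never concatenated.
 */
function buildOrderBy(?string $sort, ?string $dir): string
{
    // Unknown or missing sort key falls back to the default column.
    $column = SORT_COLUMNS[$sort ?? ''] ?? SORT_COLUMNS['id'];
    // Anything other than an exact (case-insensitive) DESC becomes ASC.
    $direction = strtoupper($dir ?? '') === 'DESC' ? 'DESC' : 'ASC';
    return "ORDER BY {$column} {$direction}";
}

// Constructed sample inputs standing in for $_GET['sort'] and $_GET['dir'].
$samples = [
    ['subject', 'desc'],               // valid pair
    ['updated', null],                 // missing dir
    ['subject, (SELECT 1)', 'asc'],    // not a map key: default column
    ['id', 'ASC; --'],                 // not ASC/DESC: default direction
];

foreach ($samples as [$sort, $dir]) {
    printf(
        "%-24s %-10s => %s\n",
        var_export($sort, true),
        var_export($dir, true),
        buildOrderBy($sort, $dir)
    );
}
```

Logging requests whose `sort` or `dir` value misses the allow-list gives a detection signal for probing of this endpoint.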
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Tickets