NVD HIGH: CVE-2026-48231 — Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in tables...

Thursday, May 21, 2026 at 06:16 PM UTC·Source: NIST NVD

Updated: Monday, May 25, 2026 at 05:00 AM UTC

Executive Summary

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in tables.php where the multiple POST parameters (tablename, indexname, sortby) are concatenated into table/column identifiers in dynamically constructed SELECT/UPDATE/DELETE statements without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents.

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2026-48231

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on May 21, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerabilityNEW

PayWallet expands payout capabilities with TerraPay integration

TerraPay, a global money movement company, has partnered with PalWallet, a fintech infrastructure provider focused on stablecoin settlement, global payments infrastructure and embedded financial services, to help businesses move money across borders faster and more efficiently.

Just nowFinextra

MEDIUMVulnerabilityNEW

UK Payments Initiative launches to challenge Visa and Mastercard stranglehold

The UK Payments Initiative, a new company formed with the backing of the UK's biggest banks, has gone live, with the aim of undermining the dominance of US card networks in payments.

18m agoFinextra

MEDIUMVulnerabilityNEW

Meta AI Hands Over High-Profile Instagram Accounts to Hackers

Exploiting a confused deputy weakness, the hackers simply asked the chatbot to link the account to a new email address. The post Meta AI Hands Over High-Profile Instagram Accounts to Hackers appeared first on SecurityWeek .

20m agoSecurityWeek