
NVD HIGH: CVE-2026-48235 — Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/r...

Source: NIST NVD

Analysis

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracking service XML/JSON responses (InstaMapper and Google Latitude integration) are concatenated into UPDATE and INSERT statements without sanitization. An attacker able to compromise or impersonate the remote GPS tracker endpoint can inject SQL to manipulate the responder location, tracks, and assignment tables. CVSS Score: 8.2. Published: 2026-05-21T18:16:20.310.
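
The fix pattern for the flaw described above, as an added example (not code from Open ISES Tickets or NVD): each field from the tracker response is type- and range-checked, then written with bound parameters instead of concatenation. The `responder` table, its columns, the callsign format and the function names are assumptions, and an in-memory SQLite database (PHP 8 with `pdo_sqlite`) stands in for the application's database so the block runs offline.

```php
<?php
declare(strict_types=1);
// Added example, not Open ISES Tickets code; schema, callsign format and names are assumed.

/** Validate one position record decoded from the tracker response; null = reject. */
function validate_fix(array $f): ?array
{
    foreach (['callsign', 'lat', 'lng', 'mph', 'altitude', 'timestamp'] as $k) {
        if (!isset($f[$k]) || !is_scalar($f[$k])) return null;
    }
    if (!preg_match('/\A[A-Za-z0-9-]{1,16}\z/', (string)$f['callsign'])) return null;
    $num = [];
    foreach (['lat', 'lng', 'mph', 'altitude'] as $k) {
        if (!is_numeric($f[$k]) || !is_finite((float)$f[$k])) return null;
        $num[$k] = (float)$f[$k];
    }
    $ts = (string)$f['timestamp'];
    if (!ctype_digit($ts) || strlen($ts) > 10) return null;
    if (abs($num['lat']) > 90 || abs($num['lng']) > 180 || $num['mph'] < 0) return null;
    return ['callsign' => (string)$f['callsign'], 'timestamp' => (int)$ts] + $num;
}

/** Bound parameters keep the values out of the SQL text, unlike string concatenation. */
function store_fix(PDO $db, array $fix): int
{
    $st = $db->prepare(
        'UPDATE responder SET lat = :lat, lng = :lng, mph = :mph,
                altitude = :altitude, updated = :timestamp
          WHERE callsign = :callsign'
    );
    $st->execute($fix); // array keys match the named placeholders
    return $st->rowCount();
}

// Constructed sample data: one plausible record, one with SQL text in a numeric field.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE responder (callsign TEXT PRIMARY KEY, lat REAL, lng REAL,
           mph REAL, altitude REAL, updated INTEGER)');
$db->exec("INSERT INTO responder (callsign) VALUES ('MEDIC-7')");
$feed = [
    ['callsign' => 'MEDIC-7', 'lat' => '38.9784', 'lng' => '-76.4922',
     'mph' => '31', 'altitude' => '12', 'timestamp' => '1779300000'],
    ['callsign' => 'MEDIC-7', 'lat' => "38.9784', mph = '0", 'lng' => '-76.4922',
     'mph' => '31', 'altitude' => '12', 'timestamp' => '1779300000'],
];
foreach ($feed as $rec) {
    $fix = validate_fix($rec);
    echo $fix === null ? "rejected\n" : 'rows updated: ' . store_fix($db, $fix) . "\n";
}
```

Validation rejects the second record before it reaches the database; the prepared statement is the control that holds even if a validation rule is later loosened.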

Indicators of Compromise (1)

CVE (1)
CVE-2026-48235

Source Attribution

Originally published by NIST NVD on May 21, 2026. Verified by: NIST.
