NVD HIGH: CVE-2026-48237 — Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in messag...

Thursday, May 21, 2026 at 06:16 PM UTC·Source: NIST NVD

Updated: Tuesday, May 26, 2026 at 04:00 PM UTC

Executive Summary

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frm_ticket_id and frm_resp_id POST parameters are concatenated into WHERE clauses of SELECT/UPDATE statements without sanitization. Authenticated attackers can craft requests that alter query semantics to read, modify, or destroy database contents.

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2026-48237

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on May 21, 2026. Verified by: NIST.

Related Threats

CRITICALVulnerabilityNEW

Vulnerability Disclosure in the Age of AI

New article: “ Responsible Disclosure in the Age of AI: A Call for Urgent Action ,” by Melissa Hathaway. Abstract: Artificial intelligence is fundamentally reshaping the balance between vulnerability discovery and remediation. Frontier AI models are now capable of autonomously identifying exploitable software vulnerabilities at unprecedented speed and scale. This development exposes de

39m agoSchneier on Security

MEDIUMVulnerability

Equals Money and Railsr rebrand as Equals

Equals Money and Railsr rebrands as Equals, the next-generation global money movement platform.

1h agoFinextra

MEDIUMVulnerability

BIS reports back on open finance Project Aperta

Project Aperta, led by the Bank for International Settlements (BIS), has been designing, developing and testing a prototype for cross-border open finance interconnectivity via application programming interfaces (APIs) – a "network of networks" that connects existing domestic networks through a neutral interoperability layer.

1h agoFinextra