Open ISES Tickets SQL Injection (CVE-2026-48232) Allows Data Manipulation

The National Vulnerability Database has disclosed CVE-2026-48232, a high-severity SQL injection vulnerability in Open ISES Tickets versions prior to 3.44.2. The flaw exists in `ajax/fullsit_incidents.php`, where the `offset` GET parameter is unsafely concatenated into the LIMIT clause of a SELECT statement. Because the value is concatenated without sanitization, request input becomes part of the SQL statement itself.

Authenticated attackers can exploit this vulnerability by crafting malicious requests. The National Vulnerability Database states that this allows them to alter query semantics, leading to the ability to read, modify, or destroy database contents. While requiring authentication, the impact is substantial, making this a significant risk for organizations using affected versions.

This isn’t just about data exfiltration; the ability to modify or destroy data is a CISO’s nightmare. It means integrity and availability are directly compromised. Defenders need to recognize that even ‘authenticated’ SQLi can be easily chained with other vulnerabilities or social engineering tactics to gain initial access. Patching is non-negotiable.

What This Means For You

  • If your organization uses Open ISES Tickets, immediately check your version. Patch to 3.44.2 or later to mitigate CVE-2026-48232. Audit logs for any unusual database activity or anomalous requests to `ajax/fullsit_incidents.php` that might indicate exploitation.
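
One way to run the log audit described above, as an added example that is not part of the original advisory or the project's code. It assumes combined-format access logs, a hypothetical `/tickets/` install path, and that a legitimate `offset` is a single plain integer; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/ajax/fullsit_incidents.php"  # path named in the advisory
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.10 - alice [21/May/2026:10:00:01 +0000] "GET /tickets/ajax/fullsit_incidents.php?offset=20 HTTP/1.1" 200 5120
203.0.113.10 - alice [21/May/2026:10:00:09 +0000] "GET /tickets/ajax/fullsit_incidents.php?offset=40 HTTP/1.1" 200 4980
198.51.100.7 - bob [21/May/2026:10:02:30 +0000] "GET /tickets/ajax/fullsit_incidents.php?offset=0%20NON_NUMERIC_SAMPLE HTTP/1.1" 200 812
198.51.100.7 - bob [21/May/2026:10:02:41 +0000] "GET /tickets/ajax/fullsit_incidents.php?offset=1&offset=2 HTTP/1.1" 200 812
192.0.2.55 - - [21/May/2026:10:03:00 +0000] "GET /tickets/index.php?offset=x HTTP/1.1" 200 100
"""

def audit_line(line):
    """Return a finding for a request to ENDPOINT whose offset is not one plain integer."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.endswith(ENDPOINT):
        return None
    # parse_qs percent-decodes, so encoded characters are inspected in clear form.
    values = parse_qs(url.query, keep_blank_values=True).get("offset", [])
    if not values:
        return None
    if len(values) > 1:
        reason = "offset repeated"
    elif not re.fullmatch(r"[0-9]{1,10}", values[0]):
        reason = "offset not a plain integer"
    else:
        return None  # ordinary pagination request
    return {"client": line.split()[0], "status": int(m.group("status")),
            "offset": values, "reason": reason}

def audit(lines):
    """Collect findings from an iterable of access-log lines."""
    return [f for f in map(audit_line, lines) if f]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG.splitlines()):
        print(finding)
```

Because the flaw requires authentication, pair each finding's client address and timestamp with the application's session records to identify the account involved.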

🛡️ Detection Rules

```yaml
title: CVE-2026-48232 - Open ISES Tickets SQL Injection via offset parameter
id: scw-2026-05-21-ai-1
status: experimental
level: high
description: |
  Detects attempts to exploit CVE-2026-48232 by looking for requests to ajax/fullsit_incidents.php that include the 'offset=' GET parameter, which is vulnerable to SQL injection in versions prior to 3.44.2. This can be used to read, modify, or destroy database contents.
author: SCW Feed Engine (AI-generated)
date: 2026-05-21
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-48232/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  # Both fields sit in one selection, so both must match (logical AND).
  selection:
    cs-uri|contains:
      - '/ajax/fullsit_incidents.php'
    cs-uri-query|contains:
      - 'offset='
  # condition belongs under detection and refers to the selection by name.
  condition: selection
falsepositives:
  - Legitimate administrative activity
```


Indicators of Compromise

| ID | Type | Indicator |
|---|---|---|
| CVE-2026-48232 | SQLi | Open ISES Tickets before 3.44.2 |
| CVE-2026-48232 | SQLi | ajax/fullsit_incidents.php |
| CVE-2026-48232 | SQLi | GET parameter 'offset' |

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 21, 2026 at 21:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
