Open ISES Tickets CVE-2026-48233: SQL Injection Exposes Database
The National Vulnerability Database has published details on CVE-2026-48233, a high-severity SQL injection vulnerability affecting Open ISES Tickets installations before version 3.44.2. Specifically, the ajax/sit_incidents.php script fails to sanitize the offset GET parameter before concatenating it into a LIMIT clause within a SELECT statement. This is a classic SQLi vector.
Authenticated attackers can exploit this flaw to craft malicious requests, altering the database query’s semantics. This allows them to read, modify, or even destroy the contents of the underlying database. The vulnerability carries a CVSS v3.1 score of 7.1 (High), with a vector of AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N, indicating network accessibility, low attack complexity, and requiring only low privileges for significant impact on confidentiality and integrity.
While specific affected products beyond ‘Open ISES Tickets’ were not detailed by the National Vulnerability Database, organizations utilizing this system should prioritize immediate patching. SQL injection vulnerabilities are a direct path to data exfiltration and compromise, a risk no CISO can afford to ignore.
What This Means For You
- If your organization uses Open ISES Tickets, you must verify your version immediately. Patch to 3.44.2 or higher to mitigate CVE-2026-48233. This is a direct database compromise vector for authenticated attackers; assume any unpatched system is already vulnerable to data theft or manipulation.
Related ATT&CK Techniques
🛡️ Detection Rules
6 rules · 6 SIEM formats6 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
Web Application Exploitation Attempt — CVE-2026-48233
title: Web Application Exploitation Attempt — CVE-2026-48233
id: scw-2026-05-21-1
status: experimental
level: high
description: |
Detects common exploitation patterns targeting web applications. Review CVE-2026-48233 advisories for specific indicators.
author: SCW Feed Engine (auto-generated)
date: 2026-05-21
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-48233/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri-query|contains:
- '..'
- 'SELECT'
- 'UNION'
- '<script'
- 'cmd='
- '/etc/passwd'
condition: selection
falsepositives:
- Legitimate activity from CVE-2026-48233
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-48233 | SQLi | Open ISES Tickets before 3.44.2 |
| CVE-2026-48233 | SQLi | ajax/sit_incidents.php |
| CVE-2026-48233 | SQLi | GET parameter 'offset' |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 21, 2026 at 21:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-48247 — Open ISES Tickets before 3.44.2 disables TLS certificate
CVE-2026-48247 — Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound...
CVE-2026-48246 — Open ISES Tickets before 3.44.2 disables TLS certificate
CVE-2026-48246 — Open ISES Tickets before 3.44.2 disables TLS certificate verification in ajax/reports.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound...
Open ISES Tickets CVE-2026-48242: Hardcoded MySQL Credentials Exposed
CVE-2026-48242 — Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, username, password, database name) in import_mdb.php. The credentials are embedded in...