Threat Feed advisory (severity: high)

Open ISES Tickets SQL Injection Vulnerability (CVE-2026-48238)

Open ISES Tickets before version 3.44.2 is vulnerable to SQL injection (CVE-2026-48238) because the id GET parameter in ajax/mobile_main.php is concatenated into the WHERE clause of a SELECT statement without sanitization, allowing authenticated attackers to craft requests that can read, modify, or destroy database contents.

Open ISES Tickets before version 3.44.2 is susceptible to SQL injection in the ajax/mobile_main.php component. The vulnerability stems from the insecure handling of the id GET parameter. Specifically, this parameter is directly concatenated into the WHERE clause of a SELECT statement without proper sanitization or parameterization. This allows an authenticated attacker to manipulate the SQL query and potentially read, modify, or delete sensitive data within the database. This vulnerability was reported on 2026-05-21 and assigned CVE-2026-48238. Exploitation requires authentication; however, the impact can be significant, leading to data breaches or complete system compromise.
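To make the concatenation-versus-parameterization point concrete, the following is an added Python example written for this page; it is not code from Open ISES Tickets (a PHP application), and the table, column names and the in-memory SQLite database are invented stand-ins for the real query in ajax/mobile_main.php. It shows the concatenated lookup accepting SQL syntax inside the id value, the bound-parameter form treating the same value as an opaque literal, and an integer check that rejects it before any query is built.

```python
import sqlite3

# Constructed in-memory database standing in for a ticket table. The schema is
# hypothetical and is not the project's real schema.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tickets (id INTEGER PRIMARY KEY, owner TEXT, subject TEXT)")
    conn.executemany(
        "INSERT INTO tickets VALUES (?, ?, ?)",
        [(1, "alice", "printer offline"), (2, "bob", "password reset"), (3, "carol", "vpn access")],
    )
    return conn


def lookup_vulnerable(conn, ticket_id):
    # The pattern the advisory describes: the raw request value is spliced into
    # the WHERE clause as SQL text, so any SQL syntax in it rewrites the query.
    sql = "SELECT id, owner, subject FROM tickets WHERE id = " + ticket_id
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, ticket_id):
    # Hardened form: the value is bound as a parameter. The database receives the
    # query shape and the value separately, so the value can never become syntax.
    sql = "SELECT id, owner, subject FROM tickets WHERE id = ?"
    return conn.execute(sql, (ticket_id,)).fetchall()


def lookup_validated(conn, ticket_id):
    # Defence in depth: an id is an integer by contract (assumption for this
    # example), so anything else is rejected before the database is involved.
    if not ticket_id.isdigit():
        raise ValueError("id must be a positive integer")
    return lookup_parameterized(conn, int(ticket_id))


if __name__ == "__main__":
    db = build_db()
    tainted = "2 OR 1=1"          # a value that is SQL syntax, not a ticket id
    print("concatenated :", lookup_vulnerable(db, tainted))    # every row comes back
    print("parameterized:", lookup_parameterized(db, tainted)) # no row matches
    try:
        lookup_validated(db, tainted)
    except ValueError as exc:
        print("validated    : rejected ->", exc)
```

The bound-parameter version returns nothing for the tainted value because the whole string is compared against the integer column as a single literal; the validation step is what produces a clean error to log instead of a silent empty result.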

Attack Chain

  1. An authenticated attacker identifies the vulnerable endpoint ajax/mobile_main.php.
  2. The attacker crafts a malicious HTTP GET request targeting ajax/mobile_main.php.
  3. The crafted GET request includes the id parameter with a SQL injection payload.
  4. The server-side application concatenates the unsanitized id parameter into the SQL query.
  5. The malicious SQL query is executed against the database.
  6. The attacker can read sensitive data from the database by using UNION SELECT to extract data from other tables.
  7. Alternatively, the attacker modifies data using UPDATE statements within the injected SQL.
  8. The attacker can potentially gain full control over the application data, leading to complete compromise.

Impact

Successful exploitation of this SQL injection vulnerability (CVE-2026-48238) can allow an attacker to read, modify, or destroy data within the Open ISES Tickets database. This can lead to sensitive information disclosure, data corruption, or denial of service. Given a CVSS base score of 7.1, the risk is considerable, especially if the targeted Open ISES Tickets instance contains sensitive information or is critical to business operations.

Recommendation

  • Upgrade Open ISES Tickets to version 3.44.2 or later to patch the SQL injection vulnerability (CVE-2026-48238) as recommended by the vendor.
  • Deploy the Sigma rule "Detect SQL Injection Attempts in Open ISES Tickets" to detect exploitation attempts targeting the vulnerable endpoint.
  • Monitor web server logs for suspicious GET requests to ajax/mobile_main.php containing SQL injection payloads, specifically looking for SQL keywords or syntax in the id parameter.

Detection coverage (2 rules)

Detect SQL Injection Attempts in Open ISES Tickets

high

Detects CVE-2026-48238 exploitation — SQL injection attempts targeting the id parameter in Open ISES Tickets ajax/mobile_main.php

Sigma rule; tactics: initial_access; techniques: T1190; sources: webserver

Detect SQL Injection Error Messages in Open ISES Tickets

medium

Detects potential CVE-2026-48238 exploitation attempts by monitoring for SQL error messages in the web server logs after requests to the vulnerable endpoint.

Sigma rule; tactics: initial_access; techniques: T1190; sources: webserver
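The recommendation to monitor web server logs for GET requests to ajax/mobile_main.php carrying SQL keywords or syntax in the id parameter, and the two rules listed above, both come down to the same inspection. The following added Python example (written for this page, not the platform's Sigma rules or their query text) performs it over constructed Combined-Log-style access log lines; the sample lines, client addresses and user names are invented, the regular expressions are this example's own, and the assumption that a legitimate id is purely numeric is an assumption of the example. Each finding also records the HTTP status code so that a server error following a flagged request can be correlated with the error-message rule.

```python
import re
from urllib.parse import parse_qs, urlparse

VULN_PATH = "/ajax/mobile_main.php"

# Constructed access-log sample (not real traffic). Lines 2, 3 and 5 are the
# ones a monitor should surface; line 4 hits a different path and is ignored.
SAMPLE_LOG = """\
10.0.0.5 - alice [21/May/2026:10:01:02 +0000] "GET /ajax/mobile_main.php?id=42 HTTP/1.1" 200 512
10.0.0.9 - bob [21/May/2026:10:01:09 +0000] "GET /ajax/mobile_main.php?id=42%20UNION%20SELECT%201,2,3 HTTP/1.1" 200 2048
10.0.0.9 - bob [21/May/2026:10:01:15 +0000] "GET /ajax/mobile_main.php?id=42%27%20OR%201%3D1-- HTTP/1.1" 500 77
10.0.0.7 - carol [21/May/2026:10:02:00 +0000] "GET /index.php?id=1%20UNION%20SELECT HTTP/1.1" 200 300
10.0.0.5 - alice [21/May/2026:10:02:30 +0000] "GET /ajax/mobile_main.php?id=abc HTTP/1.1" 200 100
"""

# Minimal Common/Combined Log Format parser: client, user, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# SQL syntax that has no business inside a numeric ticket id: the keywords the
# advisory names (UNION SELECT, UPDATE), a boolean tautology, quotes, statement
# separators and comment openers. Matching runs on the URL-decoded value.
SQL_SYNTAX_RE = re.compile(
    r"\bUNION\b|\bSELECT\b|\bUPDATE\b|\bOR\b\s+\S+\s*=\s*\S+|'|\"|;|--|/\*",
    re.IGNORECASE,
)


def classify_id(value):
    """Return a reason string when an id value looks wrong, else None."""
    if SQL_SYNTAX_RE.search(value):
        return "sql-syntax-in-id"
    if not value.isdigit():          # assumption: a real id is a bare integer
        return "non-numeric-id"
    return None


def scan_log(text):
    """Inspect every GET to the vulnerable endpoint and report suspicious id values."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        url = urlparse(m["target"])
        if url.path != VULN_PATH:
            continue
        # parse_qs percent-decodes, so %27 and %20 become the characters the
        # application would have concatenated into its query.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            reason = classify_id(value)
            if reason:
                findings.append({
                    "ip": m["ip"], "user": m["user"], "ts": m["ts"],
                    "id": value, "reason": reason, "status": int(m["status"]),
                })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} user={f['user']} status={f['status']} "
              f"{f['reason']}: id={f['id']!r}")
```

Run against a real access log, the "sql-syntax-in-id" findings correspond to the first rule's scope; the weaker "non-numeric-id" signal is worth keeping at a lower severity because a non-integer id is unusual for this endpoint even when it contains no recognisable SQL.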
