External risk intelligence

Open ISES Tickets allows attackers to steal or change customer data

CVE advisory

Severity: HIGH (CVSS 7.1)

CVE-2026-48239

Open ISES Tickets has a SQL injection flaw in its reporting endpoint that lets an authenticated user read or alter customer data by injecting SQL through a report parameter. Update to version 3.44.2 or later to protect sensitive information.

Halo Surface Signal

Score: 4 (external exposure likelihood) for CVE-2026-48239

Vulnerability class: SQL Injection

The vulnerability exists in a web-based ticketing system. Ticketing applications are commonly exposed to the internet so that end users can submit and follow their tickets, which makes it likely that the vulnerable endpoint is externally reachable rather than confined to an internal network.

Horizon Alert

Summary of the vulnerability and why it matters

An issue in Open ISES Tickets allows authenticated users to inject SQL through the `tick_id` POST parameter of `ajax/reports.php`. Because the parameter is used to build the query behind the incidents summary report, an attacker can access, change, or delete sensitive data stored in the database.

  • Attackers can read or alter data.
  • Requires existing authenticated access.

Attack Path

How an attacker could exploit the issue

Authenticated users of Open ISES Tickets can exploit this SQL injection flaw in `ajax/reports.php` to read sensitive data or disrupt operations. By placing SQL syntax in the `tick_id` POST parameter of a crafted request, an attacker changes the database query that produces the incidents summary report and can use it to read, modify, or delete data beyond the ticket the report was meant to show.

  • Requires authenticated access.
  • Targets the `ajax/reports.php` endpoint.
  • Manipulates the `tick_id` POST parameter.
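The query pattern behind this bug class and its fix, as an added example. This is not Open ISES Tickets code: the page does not show the project's source or schema, so the tables, column names and payload strings below are constructed and hypothetical, and an in-memory SQLite database stands in for whatever database the application actually uses. The `vulnerable_report` function splices `tick_id` into the SQL text; `hardened_report` allow-lists the parameter's shape and binds it as a value.

```python
import re
import sqlite3

# Constructed, hypothetical schema. The real Open ISES Tickets tables are not
# shown on this page; these two tables only stand in for "ticket data the
# report is meant to return" and "data it must never return".
SCHEMA = """
CREATE TABLE tickets (tick_id INTEGER PRIMARY KEY, subject TEXT, customer_email TEXT);
CREATE TABLE users   (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
INSERT INTO tickets VALUES (1, 'Printer offline', 'alice@example.com');
INSERT INTO tickets VALUES (2, 'VPN keeps dropping', 'bob@example.com');
INSERT INTO users   VALUES (1, 'admin', 'constructed-hash-value');
"""


def make_db():
    """In-memory SQLite database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def vulnerable_report(conn, tick_id):
    """Vulnerable pattern: the request parameter is spliced into the SQL text.

    Whatever the client sends in tick_id becomes part of the query, so a quote
    character lets the attacker rewrite the WHERE clause or append a UNION.
    """
    sql = f"SELECT subject, customer_email FROM tickets WHERE tick_id = '{tick_id}'"
    return conn.execute(sql).fetchall()


def hardened_report(conn, tick_id):
    """Fixed pattern: validate the parameter's shape, then bind it as a value.

    Binding alone already stops the injection; the allow-list check in front
    of it rejects junk before it reaches the database and gives a clean
    event to log.
    """
    if not isinstance(tick_id, str) or not re.fullmatch(r"[0-9]{1,10}", tick_id):
        raise ValueError("tick_id must be a decimal integer")
    sql = "SELECT subject, customer_email FROM tickets WHERE tick_id = ?"
    return conn.execute(sql, (int(tick_id),)).fetchall()


def is_rejected(conn, tick_id):
    """True if the hardened report refuses the value before querying."""
    try:
        hardened_report(conn, tick_id)
    except ValueError:
        return True
    return False


# Constructed payloads of the kind an authenticated user could place in the
# tick_id POST parameter. They illustrate the bug class and are not exploit
# strings taken from any advisory.
PAYLOAD_BYPASS_FILTER = "1' OR '1'='1"
PAYLOAD_UNION_DUMP = "0' UNION SELECT username, password_hash FROM users -- "


if __name__ == "__main__":
    db = make_db()
    print("normal:   ", vulnerable_report(db, "1"))
    print("OR 1=1:   ", vulnerable_report(db, PAYLOAD_BYPASS_FILTER))
    print("UNION:    ", vulnerable_report(db, PAYLOAD_UNION_DUMP))
    print("hardened: ", hardened_report(db, "1"))
    print("hardened rejects UNION payload:", is_rejected(db, PAYLOAD_UNION_DUMP))
```

The first payload turns a one-ticket lookup into a dump of every ticket; the second reuses the two result columns to pull rows from a table the report never references. Both are stopped by the bound parameter, and the regular-expression check means a malformed `tick_id` is a loggable event rather than a silent empty result.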

Live Threat

Current exploitation, exposure, and threat context

Exploitation requires a valid account, so the realistic actors are malicious insiders and attackers who have already obtained user credentials; once authenticated, the attacker talks to the database through the report query and can read or change its contents. The threat picture for this specific CVE currently appears limited, with no widespread exploitation signals observed.

  • No widespread exploitation reported.
  • No public exploit code readily available.
  • Patch released over a year ago.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize this vulnerability on any Open ISES Tickets instance that has not been updated. Review logs for POST requests to `ajax/reports.php` whose `tick_id` parameter is anything other than a plain integer, since a legitimate client never sends quotes, comments, or SQL keywords in that field. Because authenticated attackers can read, modify, or destroy database contents, also review who can reach the endpoint and check ticket data for unauthorized changes.

  • Update Open ISES Tickets to version 3.44.2 or later.
  • Monitor for unusual database activity, such as the report query touching tables it should never read, and log requests to `ajax/reports.php` with a non-numeric `tick_id`.
  • Restrict access to `ajax/reports.php` to the users and networks that need the report until the update is applied.
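Detection logic for the monitoring step above, as an added example that is not part of the advisory or the project. It assumes a request log that records POST form fields, which stock web-server access logs do not: the JSON lines below are constructed to look like output from a reverse proxy or WAF configured to log form bodies, and the field names (`path`, `form`, `user`) are this example's own. The check is deliberately strict: any `tick_id` that is not a short decimal integer is flagged, and SQL metacharacters only add a reason label.

```python
import json
import re

# Constructed request-log lines. The format is hypothetical; what matters is
# that the POST body field tick_id is available to the detector at all.
SAMPLE_LOG = """
{"ts":"2026-05-01T10:00:01Z","user":"alice","method":"POST","path":"/ajax/reports.php","form":{"tick_id":"1042"}}
{"ts":"2026-05-01T10:00:07Z","user":"alice","method":"POST","path":"/ajax/reports.php","form":{"tick_id":"1043"}}
{"ts":"2026-05-01T10:02:13Z","user":"mallory","method":"POST","path":"/ajax/reports.php","form":{"tick_id":"1042' OR '1'='1"}}
{"ts":"2026-05-01T10:02:40Z","user":"mallory","method":"POST","path":"/ajax/reports.php","form":{"tick_id":"0' UNION SELECT username,password FROM users-- "}}
{"ts":"2026-05-01T10:03:00Z","user":"bob","method":"GET","path":"/index.php","form":{}}
{"ts":"2026-05-01T10:03:30Z","user":"mallory","method":"POST","path":"/ajax/reports.php","form":{"tick_id":"1042 AND SLEEP(5)"}}
{"ts":"2026-05-01T10:04:12Z","user":"carol","method":"POST","path":"/ajax/reports.php","form":{"tick_id":"abc"}}
"""

# A legitimate ticket id is a short run of ASCII digits; nothing else is valid.
TICK_ID_OK = re.compile(r"^[0-9]{1,10}$")
# Only used to label why a value looked malicious; the allow-list above decides.
SQL_HINTS = re.compile(r"('|--|/\*|\bunion\b|\bselect\b|\bsleep\b|\bor\b|\band\b)", re.I)


def scan(log_text):
    """Return one finding per POST to ajax/reports.php with a malformed tick_id."""
    findings = []
    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        if rec.get("method") != "POST":
            continue
        if not rec.get("path", "").endswith("/ajax/reports.php"):
            continue
        tick_id = rec.get("form", {}).get("tick_id")
        if tick_id is None or TICK_ID_OK.match(tick_id):
            continue
        reason = "sql-metacharacters" if SQL_HINTS.search(tick_id) else "non-numeric"
        findings.append({
            "ts": rec["ts"],
            "user": rec.get("user", "?"),
            "tick_id": tick_id,
            "reason": reason,
        })
    return findings


def users_to_investigate(findings):
    """Accounts that sent at least one request carrying SQL syntax in tick_id."""
    return sorted({f["user"] for f in findings if f["reason"] == "sql-metacharacters"})


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for hit in hits:
        print(f"{hit['ts']} user={hit['user']} reason={hit['reason']} tick_id={hit['tick_id']!r}")
    print("investigate:", users_to_investigate(hits))
```

Flagging on the allow-list rather than on a keyword blocklist is what makes this robust: an attacker can avoid the words `UNION` or `SLEEP`, but cannot make a working injection payload that is also a plain integer. The `reason` label just tells the analyst whether a hit looks like an attack or a broken client.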

Frequently asked questions

What is Open ISES Tickets and its purpose?

Open ISES Tickets is a software application designed for managing and tracking support requests or incidents. It assists organizations in organizing and responding to issues reported by users.

What type of vulnerability is present in Open ISES Tickets, identified as CVE-2026-48239?

CVE-2026-48239 is classified as a SQL injection vulnerability. This weakness allows attackers to insert malicious SQL code into the application, potentially enabling them to access, alter, or delete database contents.

How can an attacker exploit the SQL injection vulnerability in Open ISES Tickets?

An attacker with existing authenticated access can exploit this vulnerability by manipulating the `tick_id` POST parameter in the `ajax/reports.php` file. This manipulation alters the intended SQL query, allowing the attacker to read, modify, or delete database information within the incidents summary report.

What is the relevance of the CVE-2026-48239 vulnerability in Open ISES Tickets?

The vulnerability in Open ISES Tickets (CVE-2026-48239) is relevant because it allows authenticated attackers to compromise sensitive data. By exploiting the SQL injection flaw, attackers can read, modify, or destroy database contents related to incidents.

What steps should be taken to address the Open ISES Tickets vulnerability?

To address this vulnerability, it is recommended to update Open ISES Tickets to version 3.44.2 or later. Additionally, organizations should monitor for unusual database activity and restrict access to the `ajax/reports.php` endpoint where possible.
