CVE-2026-48235— Open ISES Tickets < 3.44.2 SQL Injection in incs/remotes.inc.php via External GPS Tracker Data
Possible ATT&CK Techniques 2AI
T1059 · Command and Scripting Interpreter T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-48235
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Open ISES Tickets < 3.44.2 SQL Injection in incs/remotes.inc.php via External GPS Tracker Data
Source: NVD (National Vulnerability Database)
Vulnerability Description
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracking service XML/JSON responses (InstaMapper and Google Latitude integration) are concatenated into UPDATE and INSERT statements without sanitization. An attacker able to compromise or impersonate the remote GPS tracker endpoint can inject SQL to manipulate the responder location, tracks, and assignment tables.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
tickets SQL注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
tickets是Open ISES开源的一款公共安全调度管理与追踪应用。 tickets 3.44.2之前版本存在SQL注入漏洞,该漏洞源于在incs/remotes.inc.php中从外部GPS跟踪服务XML/JSON响应解析的latitude、longitude、callsign、mph、altitude和timestamp值未清理直接拼接到UPDATE和INSERT语句中,可能导致攻击者通过破解或冒充远程GPS跟踪器端点注入SQL,操纵响应者位置、轨迹和分配表。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-48235
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
Qwen3.6-35B-A3B · 8747 chars
Paid plan includes:
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2026-48235
请登录查看更多情报信息。
Vendor Pages for CVE-2026-48235 (1)
Other References for CVE-2026-48235 (1)
- 🔗 Page Not Found | VulnCheckthird-party-advisory
Same Patch Batch · Open ISES · 2026-05-21 · 37 CVEs total
| CVE-2026-48241 | 8.1 HIGH | Open ISES Tickets < 3.44.2 Hardcoded MySQL Database Credentials in loader.php |
| CVE-2026-48242 | 8.1 HIGH | Open ISES Tickets < 3.44.2 Hardcoded MySQL Database Credentials in import_mdb.php |
| CVE-2026-48238 | 7.1 HIGH | Open ISES Tickets < 3.44.2 SQL Injection via ajax/mobile_main.php id Parameter |
| CVE-2026-48236 | 7.1 HIGH | Open ISES Tickets < 3.44.2 SQL Injection via db_loader.php Multiple Parameters |
| CVE-2026-48231 | 7.1 HIGH | Open ISES Tickets < 3.44.2 SQL Injection via tables.php Multiple Parameters |
| CVE-2026-48240 | 7.1 HIGH | Open ISES Tickets < 3.44.2 SQL Injection via ajax/statistics.php tick_id and f_tick_id Par |
| CVE-2026-48237 | 7.1 HIGH | Open ISES Tickets < 3.44.2 SQL Injection via message.php frm_ticket_id and frm_resp_id Par |
| CVE-2026-48233 | 7.1 HIGH | Open ISES Tickets < 3.44.2 SQL Injection via ajax/sit_incidents.php offset Parameter |
| CVE-2026-48234 | 7.1 HIGH | Open ISES Tickets < 3.44.2 SQL Injection via portal/ajax/list_requests.php sort and dir Pa |
| CVE-2026-48232 | 7.1 HIGH | Open ISES Tickets < 3.44.2 SQL Injection via ajax/fullsit_incidents.php offset Parameter |
| CVE-2026-48239 | 7.1 HIGH | Open ISES Tickets < 3.44.2 SQL Injection via ajax/reports.php tick_id Parameter |
| CVE-2026-48247 | 5.9 MEDIUM | Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in incs/functions.inc.php |
| CVE-2026-48248 | 5.9 MEDIUM | Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in incs/login.inc.php |
| CVE-2026-48246 | 5.9 MEDIUM | Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in ajax/reports.php |
| CVE-2026-48249 | 5.9 MEDIUM | Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in rm/incs/mobile_login.i |
| CVE-2026-48228 | 5.4 MEDIUM | Open ISES Tickets < 3.44.2 Reflected XSS via patient_w.php id and ticket_id Parameters |
| CVE-2026-48230 | 5.4 MEDIUM | Open ISES Tickets < 3.44.2 Reflected XSS via ticketsmdb_import.php Multiple POST Parameter |
| CVE-2026-48227 | 5.4 MEDIUM | Open ISES Tickets < 3.44.2 Reflected XSS via patient.php id and ticket_id Parameters |
| CVE-2026-48226 | 5.4 MEDIUM | Open ISES Tickets < 3.44.2 Reflected XSS via os_watch.php ref and mode_orig Parameters |
| CVE-2026-48223 | 5.4 MEDIUM | Open ISES Tickets < 3.44.2 Reflected XSS via ics213rr.php frm_add_str Parameter |
Showing top 20 of 37 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Tickets
- CVE-2026-48249
Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verifica - CVE-2026-48248
Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verifica - CVE-2026-48247
Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verifica - CVE-2026-48246
Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verifica - CVE-2026-48245
Open ISES Tickets < 3.44.2 Hardcoded Google Maps API Key in
Same vendor: Open ISES
- CVE-2026-48249
Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verifica - CVE-2026-48248
Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verifica - CVE-2026-48247
Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verifica - CVE-2026-48246
Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verifica - CVE-2026-48245
Open ISES Tickets < 3.44.2 Hardcoded Google Maps API Key in
Same weakness: CWE-89
- CVE-2026-42755
WordPress TableOn plugin <= 1.0.5.1 - SQL Injection vulnerab - CVE-2026-42761
WordPress Active Products Tables for WooCommerce plugin <= 1 - CVE-2026-42740
WordPress Tainacan plugin <= 1.0.3 - SQL Injection vulnerabi - CVE-2026-42747
WordPress Easy Form Builder plugin <= 4.0.6 - SQL Injection - CVE-2026-42730
WordPress MasterStudy LMS plugin <= 3.7.29 - SQL Injection v
V. Comments for CVE-2026-48235
No comments yet