Tickets — Vulnerabilities & Security Advisories 48

All 48 CVE vulnerabilities found in Tickets, with AI-generated Chinese analysis, references, and POCs.

This page aggregates vulnerability data for the tickets product category, focusing on software weaknesses and security tags. It collects information on a wide variety of vulnerabilities, including remote code execution, cross-site scripting, and authentication bypasses, covering incidents reported from 2020 through the current quarter. By consolidating this information, the page allows security professionals and developers to efficiently track vendor advisories as they are released. Users can gain a deeper understanding of specific weakness classes by analyzing patterns in reported defects and exploit methods. Additionally, the historical data provides a comprehensive view of a product's vulnerability history, highlighting recurring issues and areas of persistent risk. This centralized resource simplifies the process of assessing the security posture of applications that manage ticketing systems. Instead of searching through disparate sources, readers can view trends in reported bugs and the corresponding mitigation strategies applied by vendors over time. The data supports informed decision-making for risk management and patch deployment. By presenting structured records of past and present vulnerabilities, this tool aids in predicting potential future attack vectors based on historical precedence. It serves as a reference for auditing existing implementations and ensuring that known security gaps are addressed. This aggregation is designed for technical audiences who require detailed, factual information without unnecessary commentary or promotional content. The goal is to provide a clear, accessible record of security incidents related to these products.

Vendor: SPIP

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-48249 | Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in rm/incs/mobile_login.inc.php | CWE-295 | 5.9 | Medium | 2026-05-21 |
| CVE-2026-48248 | Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in incs/login.inc.php | CWE-295 | 5.9 | Medium | 2026-05-21 |
| CVE-2026-48247 | Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in incs/functions.inc.php | CWE-295 | 5.9 | Medium | 2026-05-21 |
| CVE-2026-48246 | Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in ajax/reports.php | CWE-295 | 5.9 | Medium | 2026-05-21 |
| CVE-2026-48245 | Open ISES Tickets < 3.44.2 Hardcoded Google Maps API Key in tables.php | CWE-798 | 5.3 | Medium | 2026-05-21 |
| CVE-2026-48244 | Open ISES Tickets < 3.44.2 Hardcoded Google Maps API Key in settings.inc.php | CWE-798 | 5.3 | Medium | 2026-05-21 |
| CVE-2026-48243 | Open ISES Tickets < 3.44.2 Hardcoded WhitePages API Key in wp1.php | CWE-798 | 5.3 | Medium | 2026-05-21 |
| CVE-2026-48242 | Open ISES Tickets < 3.44.2 Hardcoded MySQL Database Credentials in import_mdb.php | CWE-798 | 8.1 | High | 2026-05-21 |
| CVE-2026-48241 | Open ISES Tickets < 3.44.2 Hardcoded MySQL Database Credentials in loader.php | CWE-798 | 8.1 | High | 2026-05-21 |
| CVE-2026-48240 | Open ISES Tickets < 3.44.2 SQL Injection via ajax/statistics.php tick_id and f_tick_id Parameters | CWE-89 | 7.1 | High | 2026-05-21 |
| CVE-2026-48239 | Open ISES Tickets < 3.44.2 SQL Injection via ajax/reports.php tick_id Parameter | CWE-89 | 7.1 | High | 2026-05-21 |
| CVE-2026-48238 | Open ISES Tickets < 3.44.2 SQL Injection via ajax/mobile_main.php id Parameter | CWE-89 | 7.1 | High | 2026-05-21 |
| CVE-2026-48237 | Open ISES Tickets < 3.44.2 SQL Injection via message.php frm_ticket_id and frm_resp_id Parameters | CWE-89 | 7.1 | High | 2026-05-21 |
| CVE-2026-48236 | Open ISES Tickets < 3.44.2 SQL Injection via db_loader.php Multiple Parameters | CWE-89 | 7.1 | High | 2026-05-21 |
| CVE-2026-48235 | Open ISES Tickets < 3.44.2 SQL Injection in incs/remotes.inc.php via External GPS Tracker Data | CWE-89 | 8.2 | High | 2026-05-21 |
| CVE-2026-48234 | Open ISES Tickets < 3.44.2 SQL Injection via portal/ajax/list_requests.php sort and dir Parameters | CWE-89 | 7.1 | High | 2026-05-21 |
| CVE-2026-48233 | Open ISES Tickets < 3.44.2 SQL Injection via ajax/sit_incidents.php offset Parameter | CWE-89 | 7.1 | High | 2026-05-21 |
| CVE-2026-48232 | Open ISES Tickets < 3.44.2 SQL Injection via ajax/fullsit_incidents.php offset Parameter | CWE-89 | 7.1 | High | 2026-05-21 |
| CVE-2026-48231 | Open ISES Tickets < 3.44.2 SQL Injection via tables.php Multiple Parameters | CWE-89 | 7.1 | High | 2026-05-21 |
| CVE-2026-48230 | Open ISES Tickets < 3.44.2 Reflected XSS via ticketsmdb_import.php Multiple POST Parameters | CWE-79 | 5.4 | Medium | 2026-05-21 |
| CVE-2026-48229 | Open ISES Tickets < 3.44.2 Reflected XSS via routes_i.php ticket_id Parameter | CWE-79 | 5.4 | Medium | 2026-05-21 |
| CVE-2026-48228 | Open ISES Tickets < 3.44.2 Reflected XSS via patient_w.php id and ticket_id Parameters | CWE-79 | 5.4 | Medium | 2026-05-21 |
| CVE-2026-48227 | Open ISES Tickets < 3.44.2 Reflected XSS via patient.php id and ticket_id Parameters | CWE-79 | 5.4 | Medium | 2026-05-21 |
| CVE-2026-48226 | Open ISES Tickets < 3.44.2 Reflected XSS via os_watch.php ref and mode_orig Parameters | CWE-79 | 5.4 | Medium | 2026-05-21 |
| CVE-2026-48225 | Open ISES Tickets < 3.44.2 Reflected XSS via landb.php _type Parameter | CWE-79 | 5.4 | Medium | 2026-05-21 |
| CVE-2026-48224 | Open ISES Tickets < 3.44.2 Reflected XSS via ics214.php frm_add_str Parameter | CWE-79 | 5.4 | Medium | 2026-05-21 |
| CVE-2026-48223 | Open ISES Tickets < 3.44.2 Reflected XSS via ics213rr.php frm_add_str Parameter | CWE-79 | 5.4 | Medium | 2026-05-21 |
| CVE-2026-48222 | Open ISES Tickets < 3.44.2 Reflected XSS via ics213.php frm_add_str Parameter | CWE-79 | 5.4 | Medium | 2026-05-21 |
| CVE-2026-48221 | Open ISES Tickets < 3.44.2 Reflected XSS via ics205a.php frm_add_str Parameter | CWE-79 | 5.4 | Medium | 2026-05-21 |
| CVE-2026-48220 | Open ISES Tickets < 3.44.2 Reflected XSS via ics205.php frm_add_str Parameter | CWE-79 | 5.4 | Medium | 2026-05-21 |

All 48 known CVE vulnerabilities affecting Tickets with full Chinese analysis, references, and POCs where available.