A vulnerability, which was classified as critical , has been found in openises Tickets up to 3.44.1 . Impacted is an unknown function of the file ajax/statistics.php of the component SELECT Statement Handler . The manipulation of the argument tick_id leads to sql injection. This vulnerability is documented as CVE-2026-48240 . The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.