A vulnerability classified as critical was found in openises Tickets up to 3.44.1 . This issue affects some unknown processing of the file ajax/reports.php of the component POST Parameter Handler . Executing a manipulation of the argument tick_id can lead to sql injection. This vulnerability is registered as CVE-2026-48239 . It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.