Open ISES Project
- <= 3.30A
A SQL injection vulnerability has been identified in the Open ISES Project version 3.30A. This vulnerability allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious payloads into the tick_lat and tick_lng parameters. Exploitation of this vulnerability can lead to the extraction of sensitive database information, including usernames, database names, and version details.
Exploitation of this vulnerability allows for arbitrary SQL execution, which can be used to manipulate the database or extract sensitive information.
The vulnerability can be reproduced by sending a GET request to nearby.php with crafted SQL payloads in the tick_lat and tick_lng parameters. The injected SQL is executed by the application, allowing the attacker to extract database information.
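For detection, the requests described above can be looked for in web server access logs. The following is an added example, not code from the Open ISES Project or from this advisory: it flags nearby.php requests whose tick_lat or tick_lng value is not a plain coordinate. It assumes combined-format access logs, parameters carried in the query string, and that legitimate values are decimal latitude/longitude; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate values are plain decimals (optional minus, digits, optional fraction).
DECIMAL = re.compile(r"-?\d{1,3}(?:\.\d+)?", re.ASCII)
LIMITS = {"tick_lat": 90.0, "tick_lng": 180.0}  # valid coordinate ranges
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def bad_coordinates(url):
    """Return {param: [values]} for tick_lat/tick_lng values that are not plain coordinates."""
    parts = urlsplit(url)
    if not parts.path.endswith("/nearby.php"):
        return {}
    # parse_qs URL-decodes values and keeps repeated parameters as a list.
    query = parse_qs(parts.query, keep_blank_values=True)
    bad = {}
    for name, limit in LIMITS.items():
        for value in query.get(name, []):
            if not DECIMAL.fullmatch(value) or abs(float(value)) > limit:
                bad.setdefault(name, []).append(value)
    return bad

def scan(lines):
    """Yield (client_ip, bad_params) for each log line with a suspicious nearby.php request."""
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue
        bad = bad_coordinates(match.group(1))
        if bad:
            yield line.split(" ", 1)[0], bad

# Constructed sample lines (combined log format), not taken from a real system.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2025:10:00:00 +0000] "GET /nearby.php?tick_lat=44.97&tick_lng=-93.26 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2025:10:00:05 +0000] "GET /nearby.php?tick_lat=44.97%27%20x&tick_lng=-93.26 HTTP/1.1" 200 9120',
    '203.0.113.9 - - [01/Jan/2025:10:00:06 +0000] "GET /nearby.php?tick_lat=44.97&tick_lng=abc HTTP/1.1" 200 40',
    '198.51.100.7 - - [01/Jan/2025:10:00:09 +0000] "GET /index.php?tick_lat=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for ip, bad in scan(SAMPLE_LOG):
        print(ip, bad)
```

The same strict-decimal and range check, applied server-side before the values reach any query, is also a reasonable compensating control until a fixed version is deployed.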