CVE-2026-48242
HIGHOpen ISES Tickets < 3.44.2 Hardcoded MySQL Database Credentials in import_mdb.php
Title source: cnaDescription
Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, username, password, database name) in import_mdb.php. The credentials are embedded in source code committed to the public repository, allowing any reader of the source to obtain valid configuration values that may match deployed installations.
References (3)
Core 3
Core References
Release Notes release-notes
https://github.com/openises/tickets/releases/tag/v3.44.2
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/open-ises-tickets-hardcoded-mysql-credentials-in-import-mdb-php
Scores
CVSS v3
8.1
EPSS
0.0030
EPSS Percentile
21.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-798
Status
published
Products (1)
Open ISES/Tickets
< 3.44.2
Published
May 21, 2026
Tracked Since
May 21, 2026