CVE-2026-48242

HIGH CVSS 8.1 View on NVD ↗

Description

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, username, password, database name) in import_mdb.php. The credentials are embedded in source code committed to the public repository, allowing any reader of the source to obtain valid configuration values that may match deployed installations.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References

https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff
https://github.com/openises/tickets/releases/tag/v3.44.2
https://www.vulncheck.com/advisories/open-ises-tickets-hardcoded-mysql-credentials-in-import-mdb-php

Published: May 21, 2026 18:16 UTC Modified: May 21, 2026 19:10 UTC