Open ISES Tickets < 3.44.2 Hardcoded MySQL Database Credentials in...

9.2 / 10

CRITICAL

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are committed to the source repository. Any actor with access to the public source tree (or an unauthenticated attacker with read access to the file on a deployed installation) can read the username, password, and database name and use them to connect to the database if it is reachable from their network.

AI Analysis

Hardcoded MySQL database credentials in loader.php

Basic Information

ID CVE-2026-48241

Source VulnCheck

Published May 21, 2026 at 17:10

Modified May 21, 2026 at 18:03

Affected Product

Vendor Open ISES

Product Tickets

Affected Versions Open ISES Tickets 0

CWE Classification

CWE-798

AI Assessment

AI Score 9.2 / 10

AI Severity Critical

Vendor Open ISES

Product Open ISES Tickets

Version < 3.44.2

References

{
    "lastseen": "",
    "description": "Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are committed to the source repository. Any actor with access to the public source tree (or an unauthenticated attacker with read access to the file on a deployed installation) can read the username, password, and database name and use them to connect to the database if it is reachable from their network.",
    "published": "2026-05-21T17:10:55.398Z",
    "modified": "2026-05-21T18:03:27.977Z",
    "type": "cve",
    "title": "Open ISES Tickets < 3.44.2 Hardcoded MySQL Database Credentials in loader.php",
    "source": "VulnCheck",
    "references": "https://github.com/openises/tickets/releases/tag/v3.44.2\nhttps://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff\nhttps://www.vulncheck.com/advisories/open-ises-tickets-hardcoded-mysql-credentials-in-loader-php",
    "id": "CVE-2026-48241",
    "bulletinFamily": "",
    "cwe": [
        "CWE-798"
    ],
    "cvelist": null,
    "sourceData": "Open ISES Tickets 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.2,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Tickets",
    "version": "0",
    "vendor": "Open ISES",
    "ai_description": "Hardcoded MySQL database credentials in loader.php",
    "ai_severity": "Critical",
    "ai_vendor": "Open ISES",
    "ai_product": "Open ISES Tickets",
    "ai_version": "< 3.44.2",
    "ai_score": 9.2
}

Open ISES Tickets < 3.44.2 Hardcoded MySQL Database Credentials in loader.php_CVE-2026-48241