Open ISES Tickets < 3.44.2 Hardcoded MySQL Database Credentials in...

9.2 / 10

CRITICAL

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, username, password, database name) in import_mdb.php. The credentials are embedded in source code committed to the public repository, allowing any reader of the source to obtain valid configuration values that may match deployed installations.

AI Analysis

Hardcoded MySQL database credentials in import_mdb.php

Basic Information

ID CVE-2026-48242

Source VulnCheck

Published May 21, 2026 at 17:11

Affected Product

Vendor Open ISES

Product Tickets

Affected Versions Open ISES Tickets 0

CWE Classification

CWE-798

AI Assessment

AI Score 9.2 / 10

AI Severity Critical

Vendor Open ISES

Product Open ISES Tickets

Version < 3.44.2

References

{
    "lastseen": "",
    "description": "Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, username, password, database name) in import_mdb.php. The credentials are embedded in source code committed to the public repository, allowing any reader of the source to obtain valid configuration values that may match deployed installations.",
    "published": "2026-05-21T17:11:00.452Z",
    "modified": "2026-05-21T17:11:00.452Z",
    "type": "cve",
    "title": "Open ISES Tickets < 3.44.2 Hardcoded MySQL Database Credentials in import_mdb.php",
    "source": "VulnCheck",
    "references": "https://github.com/openises/tickets/releases/tag/v3.44.2\nhttps://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff\nhttps://www.vulncheck.com/advisories/open-ises-tickets-hardcoded-mysql-credentials-in-import-mdb-php",
    "id": "CVE-2026-48242",
    "bulletinFamily": "",
    "cwe": [
        "CWE-798"
    ],
    "cvelist": null,
    "sourceData": "Open ISES Tickets 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.2,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Tickets",
    "version": "0",
    "vendor": "Open ISES",
    "ai_description": "Hardcoded MySQL database credentials in import_mdb.php",
    "ai_severity": "Critical",
    "ai_vendor": "Open ISES",
    "ai_product": "Open ISES Tickets",
    "ai_version": "< 3.44.2",
    "ai_score": 9.2
}

Open ISES Tickets < 3.44.2 Hardcoded MySQL Database Credentials in import_mdb.php_CVE-2026-48242