CVE-2026-48242
HighSummary
Open ISES Tickets before version 3.44.2 contains hardcoded MySQL database connection credentials in import_mdb.php. These credentials are embedded in source code committed to a public repository, allowing any reader to obtain configuration values that may match deployed installations.
Risk Assessment
The organization is at risk of unauthorized access to the database, which could lead to data leaks or system compromise. The exposure of credentials may allow attackers to take control of deployed applications.
Recommendation
It is recommended to upgrade to the latest version of Open ISES Tickets to remove the hardcoded credentials. Additionally, all database credentials that may have been exposed should be changed.
Original NVD description (English source)
Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, username, password, database name) in import_mdb.php. The credentials are embedded in source code committed to the public repository, allowing any reader of the source to obtain valid configuration values that may match deployed installations.

