CVE-2026-48242
Deferred Deferred - Pending Action
Hard-Coded MySQL Credentials in Open ISES Tickets

Publication date: 2026-05-21

Last updated on: 2026-05-21

Assigner: VulnCheck

Description
Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, username, password, database name) in import_mdb.php. The credentials are embedded in source code committed to the public repository, allowing any reader of the source to obtain valid configuration values that may match deployed installations.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-21
Last Modified
2026-05-21
Generated
2026-06-11
AI Q&A
2026-05-21
EPSS Evaluated
2026-06-10
NVD
CVE-2026-48242
EUVD
EUVD-2026-31324
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in Open ISES Tickets versions before 3.44.2, where the file import_mdb.php contains hardcoded MySQL database connection credentials such as host, username, password, and database name.

These credentials are embedded directly in the source code, which is committed to a public repository. As a result, anyone who accesses the source code can obtain valid database configuration details that might be used in deployed installations.

Compliance Impact

This vulnerability involves hardcoded MySQL database credentials embedded in publicly accessible source code, which can lead to unauthorized access to sensitive data.

Such unauthorized access risks violating data protection requirements under common standards and regulations like GDPR and HIPAA, which mandate strict controls over access to personal and sensitive information.

Therefore, exploitation of this vulnerability could result in non-compliance with these regulations due to potential data breaches and inadequate protection of confidential data.

Impact Analysis

The exposure of hardcoded database credentials can allow unauthorized individuals to access the MySQL database associated with the application.

This can lead to unauthorized data access, data modification, or data deletion, potentially compromising the confidentiality, integrity, and availability of the data stored in the database.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-48242. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart