CVE-2026-48242
Hard-Coded MySQL Credentials in Open ISES Tickets
Publication date: 2026-05-21
Last updated on: 2026-05-21
Assigner: VulnCheck
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Open ISES Tickets versions before 3.44.2, where the file import_mdb.php contains hardcoded MySQL database connection credentials such as host, username, password, and database name.
These credentials are embedded directly in the source code, which is committed to a public repository. As a result, anyone who accesses the source code can obtain valid database configuration details that might be used in deployed installations.
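A source-review check for this weakness class (CWE-798), added here as an example; it is not code from the CVE record or from Open ISES Tickets. It flags PHP MySQL connection calls and credential-style variables that use string literals instead of values loaded at runtime. The PHP samples are constructed and do not reproduce import_mdb.php, and all function and variable names are this example's own.

```python
import re

# PHP MySQL connection calls; argument order is (host, user, password, ...).
CONNECT = re.compile(r"\b(mysqli_connect|mysql_connect|new\s+mysqli)\s*\((.*?)\)\s*;", re.S)
# One call argument: a quoted string (commas allowed inside) or text up to a comma.
ARG = re.compile(r"""\s*('(?:[^'\\]|\\.)*'|"(?:[^"\\]|\\.)*"|[^,]+?)\s*(?:,|$)""")
# A string literal assigned to a credential-looking variable, e.g. $db_pass = '...';
ASSIGN = re.compile(r"""\$(\w*(?:pass|pwd|user|host)\w*)\s*=\s*(['"])[^'"]+\2\s*;""", re.I)
ROLES = ("host", "user", "password", "database")


def is_literal(arg):
    """True for a non-empty quoted PHP string with no variable interpolation."""
    return len(arg) > 2 and arg[0] in "'\"" and arg[-1] == arg[0] and "$" not in arg


def find_hardcoded_db_credentials(php_source):
    """Return sorted (line, finding) pairs; secret values are never echoed back."""
    findings = []
    for m in CONNECT.finditer(php_source):
        args = [a.group(1) for a in ARG.finditer(m.group(2))]
        fixed = [role for role, arg in zip(ROLES, args) if is_literal(arg)]
        if "password" in fixed:  # a literal password is the reportable case
            line = php_source.count("\n", 0, m.start()) + 1
            findings.append((line, "literal %s in %s()" % ("/".join(fixed), m.group(1))))
    for m in ASSIGN.finditer(php_source):
        line = php_source.count("\n", 0, m.start()) + 1
        findings.append((line, "literal assigned to $%s" % m.group(1)))
    return sorted(findings)


# Constructed samples: literals in source versus values read from the environment.
VULNERABLE = """<?php
$link = mysqli_connect('db.example.internal', 'tickets', 'EXAMPLE-ONLY', 'tickets_db');
"""
HARDENED = """<?php
$link = mysqli_connect(getenv('DB_HOST'), getenv('DB_USER'), getenv('DB_PASS'), getenv('DB_NAME'));
"""

if __name__ == "__main__":
    for name, src in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(name, find_hardcoded_db_credentials(src))
```

Any credential that such a scan finds in a repository's history should be treated as disclosed and rotated on every deployment that used it; removing the literal from the current source does not undo the exposure.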
How can this vulnerability impact me?
The exposure of hardcoded database credentials can allow unauthorized individuals to access the MySQL database associated with the application.
This can lead to unauthorized data access, data modification, or data deletion, potentially compromising the confidentiality, integrity, and availability of the data stored in the database.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability involves hardcoded MySQL database credentials embedded in publicly accessible source code, which can lead to unauthorized access to sensitive data.
Such unauthorized access risks violating data protection requirements under common standards and regulations like GDPR and HIPAA, which mandate strict controls over access to personal and sensitive information.
Therefore, exploitation of this vulnerability could result in non-compliance with these regulations due to potential data breaches and inadequate protection of confidential data.