Open ISES Tickets Hardcoded MySQL Credentials Vulnerability

Vulnerability

A vulnerability exists in Open ISES Tickets versions prior to 3.44.2: hardcoded MySQL database connection credentials are embedded in the source code of 'import_mdb.php'. These credentials (host, username, password, and database name) were committed to a public repository, so anyone can read valid configuration values that could correspond to deployed installations.

Impact

Exploitation of this vulnerability could lead to unauthorized access to the MySQL database using the hardcoded credentials, potentially allowing for data manipulation or extraction.

Reproduction

The vulnerability can be reproduced by examining the 'import_mdb.php' file in the Open ISES Tickets repository prior to version 3.44.2. The hardcoded MySQL credentials can be found in this file, and these credentials can be used to access the database if they match the credentials of a deployed instance.
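
The following is an added example, not code from the Open ISES Tickets project: a Python check that flags literal MySQL credentials in PHP source, for auditing your own checkout of 'import_mdb.php' and similar files. The page does not show the file's contents, so the sample PHP, the variable-name patterns, and the function name `find_hardcoded_mysql_credentials` are assumptions constructed for illustration.

```python
import re

# Real PHP MySQL connection entry points; which one import_mdb.php used
# is not stated on the page.
CONNECT_CALL = re.compile(
    r"\b(mysql_connect|mysql_pconnect|mysqli_connect|new\s+mysqli)\s*\(([^;]*)\)\s*;",
    re.IGNORECASE)
STRING_LITERAL = re.compile(r"""(['"])(?:\\.|(?!\1).)*\1""")
# Credential-looking variables assigned a non-empty string literal
# (the naming convention is an assumption).
CRED_ASSIGN = re.compile(
    r"""\$(\w*(?:pass|pwd|user|host|db)\w*)\s*=\s*(['"])(?:\\.|(?!\2).)+\2\s*;""",
    re.IGNORECASE)
TOKEN = "\x00"

def find_hardcoded_mysql_credentials(php_source):
    """Return (line_number, kind, name) for each literal credential found."""
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        if line.strip().startswith(("//", "#", "*")):
            continue  # skip single-line and docblock comment lines
        call = CONNECT_CALL.search(line)
        if call:
            # Collapse each literal to a token so commas inside strings do not
            # split arguments and getenv('X') is not counted as a literal.
            args = STRING_LITERAL.sub(TOKEN, call.group(2)).split(",")
            if sum(arg.strip() == TOKEN for arg in args) >= 2:
                findings.append((lineno, "connect-call", call.group(1)))
        for assign in CRED_ASSIGN.finditer(line):
            findings.append((lineno, "assignment", "$" + assign.group(1)))
    return findings

# Constructed sample input; NOT the contents of import_mdb.php.
SAMPLE_PHP = '''<?php
// constructed sample for the scanner
$link = mysql_connect("db.example.invalid", "tickets_user", "CONSTRUCTED-PASSWORD");
$db_name = "tickets_example";
$safe = mysqli_connect(getenv('DB_HOST'), getenv('DB_USER'), getenv('DB_PASS'));
$password = $config['password'];
'''

if __name__ == "__main__":
    for finding in find_hardcoded_mysql_credentials(SAMPLE_PHP):
        print(finding)
```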

Remediation

Users are advised to upgrade to Open ISES Tickets version 3.44.2 or later, where this vulnerability has been addressed.

Added: May 21, 2026, 6:36 PM
Updated: May 21, 2026, 6:36 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.4
remediation: 0.0
relevance: 8.5
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.