Open ISES Tickets
- < 3.44.2
A vulnerability exists in Open ISES Tickets versions prior to 3.44.2, where a hardcoded WhitePages reverse-phone API key is embedded in wp1.php. This key, committed to the public source repository, can be extracted by anyone with read access and used to make third-party API calls charged to or rate-limited against the original owner's WhitePages account.
The hardcoded API key can be misused for unauthorized WhitePages API calls, potentially leading to unexpected charges or rate-limiting on the original owner's account.
The vulnerability can be confirmed by inspecting the source code of any Open ISES Tickets release prior to 3.44.2: the WhitePages API key is present in the wp1.php file. Once extracted, this key can be used to make API calls on behalf of the original owner.
Users are advised to upgrade to Open ISES Tickets version 3.44.2 or later, where this vulnerability has been patched.
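To check a PHP code base of your own for the same class of defect, the following added example (not code from Open ISES Tickets) scans source text for credential literals, either assigned to a key-like name or baked into a request URL, and reports them redacted. The sample scripts, the `api.example.invalid` endpoint, the key value and the `WHITEPAGES_API_KEY` environment variable name are all constructed for illustration.

```python
import math
import re
from collections import Counter

# Credential-looking name followed by a quoted literal, e.g. $api_key = '...',
# define('X_API_KEY', '...') or 'api_key' => '...'.
ASSIGNED = re.compile(
    r"""(?i)(?:api_?key|secret|token)\w*['"\]]*\s*(?:=>|=|,)\s*['"]([^'"\s]{16,})['"]"""
)
# Key baked into a request URL, e.g. ...?api_key=<literal>&phone=...
IN_URL = re.compile(r"(?i)[?&](?:api_?key|key|token)=([A-Za-z0-9_-]{16,})")

# Constructed stand-in for a reverse-phone lookup script (not the project's
# wp1.php); the key is a made-up value.
VULNERABLE_SAMPLE = """<?php
$phone = urlencode($_GET['phone']);
$url = "https://api.example.invalid/reverse_phone?api_key=4f9a1c07d2e85b36a0c4e7f19b2d6835&phone=" . $phone;
$data = file_get_contents($url);
"""

# Constructed counterpart: the key comes from the deployment environment.
HARDENED_SAMPLE = """<?php
$api_key = getenv('WHITEPAGES_API_KEY');
if ($api_key === false) { http_response_code(500); exit('lookup not configured'); }
$url = "https://api.example.invalid/reverse_phone?api_key=" . urlencode($api_key);
"""


def entropy(value):
    """Shannon entropy in bits per character."""
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in Counter(value).values())


def looks_like_secret(value):
    """Reject placeholders: need letters and digits and a varied alphabet."""
    mixed = any(c.isdigit() for c in value) and any(c.isalpha() for c in value)
    return mixed and entropy(value) >= 3.0


def scan_php(source, filename="<memory>"):
    """Return (filename, line_no, redacted_value) per hardcoded key literal."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        hits = [m.group(1) for p in (ASSIGNED, IN_URL) for m in p.finditer(line)]
        for value in dict.fromkeys(hits):  # de-duplicate, keep order
            if looks_like_secret(value):
                redacted = f"{value[:4]}...({len(value)} chars)"
                findings.append((filename, line_no, redacted))
    return findings
```

Running `scan_php` over each `.php` file in a repository (and in CI before merge) flags literals like the one in the vulnerable sample while leaving the `getenv()` form and obvious placeholders alone.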