VYPR
High severity8.1NVD Advisory· Published May 21, 2026· Updated May 21, 2026

CVE-2026-48241

CVE-2026-48241

Description

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are committed to the source repository. Any actor with access to the public source tree (or an unauthenticated attacker with read access to the file on a deployed installation) can read the username, password, and database name and use them to connect to the database if it is reachable from their network.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Openises/Ticketsreferences2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <3.44.2

Patches

Vulnerability mechanics

References

3

News mentions

1