Open ISES Tickets Hardcoded Database Credentials Vulnerability
Open ISES Tickets before version 3.44.2 contains hardcoded MySQL database connection credentials in import_mdb.php, allowing unauthorized database access.
Open ISES Tickets, a web-based ticketing system, suffers from a critical vulnerability (CVE-2026-48242) affecting versions prior to 3.44.2. The vulnerability stems from hardcoded MySQL database connection credentials (host, username, password, database name) within the import_mdb.php file. This file, and the credentials within it, were committed to the public code repository. As a result, anyone with access to the source code can potentially gain unauthorized access to the database server, leading to data breaches, modification, or complete system compromise. This exposure is particularly concerning given that deployed installations may be using the default, now-public, credentials.
Attack Chain
- Attacker gains access to the Open ISES Tickets source code repository.
- Attacker locates the import_mdb.php file within the repository.
- Attacker extracts the hardcoded MySQL database connection credentials from import_mdb.php.
- Attacker uses the obtained credentials to establish a connection to the MySQL database server.
- Attacker authenticates to the database server using the compromised credentials.
- Attacker executes arbitrary SQL queries to read sensitive data from the database.
- Attacker may modify or delete data within the database, leading to data corruption or service disruption.
- Attacker may escalate privileges within the database server and gain access to other systems or data.
Impact
Successful exploitation of CVE-2026-48242 can lead to full compromise of the Open ISES Tickets system and its associated data. With a CVSS v3.1 score of 8.1, the vulnerability poses a significant risk. The exposure of database credentials allows attackers to read, modify, or delete sensitive information, potentially affecting all users of the ticketing system. The hardcoded nature of the credentials and public accessibility of the code repository significantly increase the likelihood of exploitation. The number of affected installations is currently unknown.
Recommendation
- Upgrade to Open ISES Tickets version 3.44.2 or later to remove the hardcoded credentials.
- Deploy the Sigma rule to detect potential database access attempts using default credentials.
- Review the import_mdb.php file in existing installations and verify that the credentials have been changed from the default values.
- Rotate database credentials for all Open ISES Tickets instances.
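One way to carry out the import_mdb.php review across an installation is sketched below. This is an added example, not code from the advisory or from the Open ISES Tickets project. It assumes the file connects through mysql_connect, mysqli_connect or new mysqli, which the advisory does not show, and the PHP samples and names in it are constructed.

```python
import re

# Connection calls taking (host, user, password, ...); PDO is not covered.
CALL_RE = re.compile(r"\b(mysql_p?connect|mysqli_connect|new\s+mysqli)\s*\(", re.I)
ASSIGN_RE = re.compile(r"(\$\w+)\s*=\s*(['\"])((?:\\.|(?!\2).)*)\2\s*;", re.S)
LITERAL_RE = re.compile(r"^(['\"])((?:\\.|(?!\1).)*)\1$", re.S)

def call_args(src, i):
    """Split the argument list starting at src[i], just after the call's '('."""
    args, buf, quote, depth = [], [], None, 1
    while i < len(src) and depth:
        ch = src[i]
        if quote and ch == "\\":  # escaped character inside a string: keep both
            buf.append(src[i:i + 2])
            i += 2
            continue
        if quote:
            quote = None if ch == quote else quote
        elif ch in "'\"":
            quote = ch
        elif ch in "()":
            depth += 1 if ch == "(" else -1
        if depth == 0 or (ch == "," and depth == 1 and not quote):
            args.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    return args

def find_hardcoded(src):
    """Return (line, call, parameter) for each literal user/password argument,
    resolving simple `$var = "literal";` assignments found in the same file."""
    literals = {m.group(1): m.group(3) for m in ASSIGN_RE.finditer(src)}
    findings = []
    for m in CALL_RE.finditer(src):
        line = src.count("\n", 0, m.start()) + 1
        for name, arg in zip(("host", "user", "password"), call_args(src, m.end())):
            lit = LITERAL_RE.match(arg)
            value = lit.group(2) if lit else literals.get(arg)
            if name != "host" and value is not None:
                findings.append((line, m.group(1), name))  # value is never reported
    return findings

# Constructed samples, not the project's file; the password is a placeholder.
SAMPLE_BAD = ('<?php $host = "localhost"; $user = "tickets_app"; $pass = "PLACEHOLDER";\n'
              '$link = mysql_connect($host, $user, $pass) or die(mysql_error());\n')
SAMPLE_OK = '<?php $db = new mysqli(getenv("DB_HOST"), getenv("DB_USER"), getenv("DB_PASS"));'

if __name__ == "__main__":
    print(*find_hardcoded(SAMPLE_BAD), sep="\n")
```

A finding means the file still carries a literal credential; whether it matches the published default still has to be checked by hand, and the account should be rotated either way.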
Detection coverage (2 rules)
Detect MySQL Login using Default Credentials
Severity: high. Detects potential MySQL login attempts using default credentials after CVE-2026-48242.
Detect Access to import_mdb.php
Severity: medium. Detects access to the vulnerable import_mdb.php file, potentially indicating exploitation of CVE-2026-48242.