Threat Feed

Vendor

Open ISES

4 briefs
medium advisory

Open ISES Tickets Hardcoded Database Credentials Vulnerability

Open ISES Tickets before version 3.44.2 contains hardcoded MySQL database connection credentials in import_mdb.php, allowing unauthorized database access.

Tickets +1 cve-2026-48242 hardcoded-credentials database-access
high advisory

Open ISES Tickets Hardcoded MySQL Credentials Vulnerability (CVE-2026-48241)

Open ISES Tickets before version 3.44.2 contains hardcoded MySQL database credentials in loader.php, allowing an attacker with access to the source code or the file on a deployed installation to read the username, password, and database name and use them to connect to the database (CVE-2026-48241).

Tickets < 3.44.2 cve hardcoded credentials vulnerability database
high advisory

Open ISES Tickets SQL Injection Vulnerability (CVE-2026-48240)

Open ISES Tickets before version 3.44.2 is vulnerable to SQL injection in ajax/statistics.php via the tick_id and f_tick_id POST parameters, allowing authenticated attackers to manipulate SQL queries and potentially read, modify, or destroy database contents.

Tickets sql-injection cve-2026-48240 web-application
high advisory

Open ISES Tickets SQL Injection Vulnerability (CVE-2026-48238)

Open ISES Tickets before version 3.44.2 is vulnerable to SQL injection (CVE-2026-48238) because the id GET parameter in ajax/mobile_main.php is concatenated into the WHERE clause of a SELECT statement without sanitization, allowing authenticated attackers to craft requests that can read, modify, or destroy database contents.

Tickets < 3.44.2 cve sql-injection web-application