CVE-2026-48243— Open ISES Tickets < 3.44.2 Hardcoded WhitePages API Key in wp1.php
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-48243
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Open ISES Tickets < 3.44.2 Hardcoded WhitePages API Key in wp1.php
Source: NVD (National Vulnerability Database)
Vulnerability Description
Open ISES Tickets before 3.44.2 embeds a hardcoded WhitePages reverse-phone API key in wp1.php that is committed to the public source repository. Any actor with read access to the source tree can extract the key and use it to make third-party API calls billed to or rate-limited against the original owner's WhitePages account.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用硬编码的凭证
Source: NVD (National Vulnerability Database)
Vulnerability Title
tickets 信任管理问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
tickets是Open ISES开源的一款公共安全调度管理与追踪应用。 tickets 3.44.2之前版本存在信任管理问题漏洞,该漏洞源于在wp1.php中硬编码了WhitePages反向电话API密钥,可能导致任何读取源代码的人提取密钥并用于第三方API调用。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-48243
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-48243
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-48243 (1)
Vendor Pages for CVE-2026-48243 (1)
Same Patch Batch · Open ISES · 2026-05-21 · 37 CVEs total
| CVE-2026-48235 | 8.2 HIGH | Open ISES Tickets < 3.44.2 SQL Injection in incs/remotes.inc.php via External GPS Tracker |
| CVE-2026-48241 | 8.1 HIGH | Open ISES Tickets < 3.44.2 Hardcoded MySQL Database Credentials in loader.php |
| CVE-2026-48242 | 8.1 HIGH | Open ISES Tickets < 3.44.2 Hardcoded MySQL Database Credentials in import_mdb.php |
| CVE-2026-48234 | 7.1 HIGH | Open ISES Tickets < 3.44.2 SQL Injection via portal/ajax/list_requests.php sort and dir Pa |
| CVE-2026-48231 | 7.1 HIGH | Open ISES Tickets < 3.44.2 SQL Injection via tables.php Multiple Parameters |
| CVE-2026-48238 | 7.1 HIGH | Open ISES Tickets < 3.44.2 SQL Injection via ajax/mobile_main.php id Parameter |
| CVE-2026-48240 | 7.1 HIGH | Open ISES Tickets < 3.44.2 SQL Injection via ajax/statistics.php tick_id and f_tick_id Par |
| CVE-2026-48233 | 7.1 HIGH | Open ISES Tickets < 3.44.2 SQL Injection via ajax/sit_incidents.php offset Parameter |
| CVE-2026-48232 | 7.1 HIGH | Open ISES Tickets < 3.44.2 SQL Injection via ajax/fullsit_incidents.php offset Parameter |
| CVE-2026-48239 | 7.1 HIGH | Open ISES Tickets < 3.44.2 SQL Injection via ajax/reports.php tick_id Parameter |
| CVE-2026-48237 | 7.1 HIGH | Open ISES Tickets < 3.44.2 SQL Injection via message.php frm_ticket_id and frm_resp_id Par |
| CVE-2026-48236 | 7.1 HIGH | Open ISES Tickets < 3.44.2 SQL Injection via db_loader.php Multiple Parameters |
| CVE-2026-48246 | 5.9 MEDIUM | Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in ajax/reports.php |
| CVE-2026-48249 | 5.9 MEDIUM | Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in rm/incs/mobile_login.i |
| CVE-2026-48248 | 5.9 MEDIUM | Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in incs/login.inc.php |
| CVE-2026-48247 | 5.9 MEDIUM | Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in incs/functions.inc.php |
| CVE-2026-48227 | 5.4 MEDIUM | Open ISES Tickets < 3.44.2 Reflected XSS via patient.php id and ticket_id Parameters |
| CVE-2026-48228 | 5.4 MEDIUM | Open ISES Tickets < 3.44.2 Reflected XSS via patient_w.php id and ticket_id Parameters |
| CVE-2026-48226 | 5.4 MEDIUM | Open ISES Tickets < 3.44.2 Reflected XSS via os_watch.php ref and mode_orig Parameters |
| CVE-2026-48223 | 5.4 MEDIUM | Open ISES Tickets < 3.44.2 Reflected XSS via ics213rr.php frm_add_str Parameter |
Showing top 20 of 37 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Tickets
- CVE-2026-48249
Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verifica - CVE-2026-48248
Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verifica - CVE-2026-48247
Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verifica - CVE-2026-48246
Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verifica - CVE-2026-48245
Open ISES Tickets < 3.44.2 Hardcoded Google Maps API Key in
Same vendor: Open ISES
- CVE-2026-48249
Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verifica - CVE-2026-48248
Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verifica - CVE-2026-48247
Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verifica - CVE-2026-48246
Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verifica - CVE-2026-48245
Open ISES Tickets < 3.44.2 Hardcoded Google Maps API Key in
Same weakness: CWE-798
- CVE-2026-48245
Open ISES Tickets < 3.44.2 Hardcoded Google Maps API Key in - CVE-2026-48244
Open ISES Tickets < 3.44.2 Hardcoded Google Maps API Key in - CVE-2026-48242
Open ISES Tickets < 3.44.2 Hardcoded MySQL Database Credenti - CVE-2026-48241
Open ISES Tickets < 3.44.2 Hardcoded MySQL Database Credenti - CVE-2026-9139
Taiko AG1000-01A Rev 7.3/8 Hard-coded Credentials via login.
V. Comments for CVE-2026-48243
No comments yet