SSRF exists in osTicket before 1.14.3, where an attacker can add a malicious file to the server or perform port scanning.
Max CVSS: 9.8 | EPSS Score: 73.57% | Published: 2020-11-02 | Updated: 2021-01-30
osTicket 1.10.1 provides functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file; for example, a tickets.php request can be modified so that a .html extension is changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files with malicious content to the web application.
Max CVSS: 9.8 | EPSS Score: 4.00% | Published: 2017-10-23 | Updated: 2019-03-26
In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.
Max CVSS: 9.8 | EPSS Score: 0.21% | Published: 2017-09-12 | Updated: 2017-09-21
3 vulnerabilities found