Osticket: Security Vulnerabilities
Multiple SQL injection vulnerabilities in osTicket allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to admin.php or (2) cat parameter to view.php.
CVSS Score
7.5
EPSS Score
0.006
Published
2005-05-03
PHP remote file inclusion vulnerability in main.php in osTicket allows remote attackers to execute arbitrary PHP code via the include_dir parameter.
CVSS Score
7.5
EPSS Score
0.007
Published
2005-05-03
Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. sequences in the file parameter.
CVSS Score
7.5
EPSS Score
0.009
Published
2005-05-03
osTicket allows remote attackers to view sensitive uploaded files and possibly execute arbitrary code via an HTTP request that uploads a PHP file to the ticket attachments directory.
CVSS Score
7.5
EPSS Score
0.068
Published
2004-12-06
osTicket trusts a hidden form field in the submit form to limit the upload size of a document, which could allow remote attackers to upload a file of any size.
CVSS Score
6.4
EPSS Score
0.006
Published
2004-12-06
Page 4