| VID |
21575 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The osTicket program is affected by multiple input validation vulnerabilities. osTicket is an open-source support ticket program for Microsoft Windows, Unix and Linux operating systems. osTicket versions 1.2.7 and earlier, and possibly other versions, are affected by the vulnerabilities listed below. A remote attacker who successfully exploits the most severe of these vulnerabilities could execute arbitrary code on the vulnerable system.
- A Remote File Include Vulnerability
- Multiple SQL Injection Vulnerabilities
- Multiple Cross-Site Scripting Vulnerabilities
- Multiple Directory Traversal Vulnerabilities
* References:
  - http://www.gulftech.org/?node=research&article_id=00071-05022005
  - http://secunia.com/advisories/15216/
* Platforms Affected:
  - osTicket, osTicket STS versions 1.2.7 and earlier
  - osTicket, osTicket STS 1.3 beta
  - Any operating system, any version |
| Recommendation |
Upgrade to the latest version of osTicket (1.3.1 or later), available from the osTicket Download Web site at http://www.osticket.com/downloads.php |
| Related URL |
CVE-2005-1436,CVE-2005-1437,CVE-2005-1438,CVE-2005-1439 (CVE) |
| Related URL |
13478 (SecurityFocus) |
| Related URL |
20350,20351,20352,20354,20355 (ISS) |
|