Detections
Analytics

osTicket < 1.3.1 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 3046

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The version of osTicket installed on the remote host suffers from several vulnerabilities, including:

- A Local File Include Vulnerability
The application fails to sanitize user-supplied input to the 'inc' parameter in the 'view.php' script. After authentication, an attacker can exploit this flaw to run arbitrary PHP code found in files on the remote host provided PHP's 'register_globals' setting is enabled.

- A SQL Injection Vulnerability
An authenticated attacker can affect SQL queries via POST queries due to a failure of the application to filter input to the 'ticket' variable in the 'class.ticket.php' code library.

Solution

Upgrade to version 1.3.1 or higher.

See Also

http://www.gulftech.org/?node=research&article_id=00071-05022005

http://www.osticket.com/forums/showthread.php?t=1283

http://www.securityfocus.com/archive/1/403990/30/0/threaded

http://www.osticket.com/news/sec,05,01.html

Plugin Details

Severity: Medium

ID: 3046

Family: CGI

Published: 7/5/2005

Updated: 3/6/2019

Nessus ID: 18612

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 5

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 6.3

Temporal Score: 6

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:osticket:osticket

Reference Information

CVE: CVE-2005-1436, CVE-2005-1437, CVE-2005-1438, CVE-2005-1439, CVE-2005-2153, CVE-2005-2154

BID: 13478, 14127