Local File Inclusion Vulnerability in osTicket by osTicket, Inc.
CVE-2005-2154

Currently unrated

Key Information:

Vendor: Osticket
Status: Osticket Sts
Vendor: CVE Published:; 6 July 2005

What is CVE-2005-2154?

The vulnerability in osTicket versions prior to 1.3.1 beta stems from the improper handling of user inputs in the view.php and open.php files. This flaw allows remote attackers to manipulate the 'inc' parameter, leading to the inclusion and potential execution of arbitrary local files on the server. Such unauthorized access can compromise sensitive data and overall system integrity, necessitating immediate updates and mitigations for affected installations.

References

http://securitytracker.com/id?1014373

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/14127

vdb-entryx_refsource_BID

http://seclists.org/lists/bugtraq/2005/Jul/0009.html

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 6, 2005

CVE-2005-2154 Data

JSON

Osticket

What is CVE-2005-2154?

References

Timeline