Vulmon
osticket osticket vulnerabilities and exploits
9.8
CVSSv3
CVE-2022-31890
SQL Injection vulnerability in audit/class.audit.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae via the order parameter to the getOrder function.
Enhancesoft Audit Log
1 Github repository
9.8
CVSSv3
CVE-2021-42235
SQL injection in osTicket prior to 1.14.8 and 1.15.4 login and password reset process allows malicious users to access the osTicket administration profile functionality.
Enhancesoft Osticket
9.8
CVSSv3
CVE-2020-24881
SSRF exists in osTicket prior to 1.14.3, where an attacker can add a malicious file to the server or perform port scanning.
Osticket Osticket
9.8
CVSSv3
CVE-2017-15580
osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extensio...
Osticket Osticket 1.10.1
1 EDB exploit
9.8
CVSSv3
CVE-2017-14396
In osTicket prior to 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.
Osticket Osticket 1.10
1 EDB exploit
8.8
CVSSv3
CVE-2022-31888
Session Fixation vulnerability in function login in class.auth.php in osTicket up to and including 1.16.2.
Enhancesoft Osticket
8.8
CVSSv3
CVE-2019-14749
An issue exists in osTicket prior to 1.10.7 and 1.12.x prior to 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the...
Osticket Osticket
1 EDB exploit
8.1
CVSSv3
CVE-2018-7195
Enhancesoft osTicket prior to 1.10.2 allows remote malicious users to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number.
Osticket Osticket
7.5
CVSSv3
CVE-2023-30082
A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 characters) is supplied using the osTicket application. This can cause the website to go down or stop responding. When a long password is entered, this procedure w...
Enhancesoft Osticket 1.17.2
6.5
CVSSv3
CVE-2021-45811
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated malicious users to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
Enhancesoft Osticket