Vulnerabilities > CVE-2005-2153 - Input Validation vulnerability in OSTicket

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

osticket

nessus

NVD

Published: 2005-07-06

Updated: 2008-09-05

Summary

SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta and earlier allows remote attackers to execute arbitrary SQL commands via the ticket variable.

Vulnerable Configurations

Part	Description	Count
Application	Osticket Osticket Osticket STS 1.2 Osticket Osticket STS 1.2.7 Osticket Osticket STS 1.3_Beta	3

Nessus

NASL family	CGI abuses
NASL id	OSTICKET_131.NASL
description	The version of osTicket installed on the remote host suffers from several vulnerabilities, including: - A Local File Include Vulnerability The application fails to sanitize user-supplied input to the
last seen	2020-06-01
modified	2020-06-02
plugin id	18612
published	2005-07-05
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/18612
title	osTicket <= 1.3.1 Multiple Vulnerabilities

Summary

Vulnerable Configurations

Nessus

References