CVE-2005-2154 - Input Validation vulnerability in OSTicket

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, osticket, nessus, exploit available

Summary

PHP local file inclusion vulnerability in (1) view.php and (2) open.php in osTicket 1.3.1 beta and earlier allows remote attackers to include and possibly execute arbitrary local files via the inc parameter.

Vulnerable Configurations

Part         Description  Count
Application  Osticket     3

Exploit-Db

description: OSTicket 1.2/1.3 view.php inc Variable Arbitrary Local File Inclusion. CVE-2005-2154. Webapps exploit for php platform
id: EDB-ID:25926
last seen: 2016-02-03
modified: 2005-06-30
published: 2005-06-30
reporter: edisan & foster
source: https://www.exploit-db.com/download/25926/
title: OSTicket 1.2/1.3 view.php inc Variable Arbitrary Local File Inclusion

Nessus

  • NASL family: CGI abuses
    NASL id: OSTICKET_131.NASL
    description: The version of osTicket installed on the remote host suffers from several vulnerabilities, including: - A Local File Include Vulnerability The application fails to sanitize user-supplied input to the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18612
    published: 2005-07-05
    reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/18612
    title: osTicket <= 1.3.1 Multiple Vulnerabilities
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2005-571.NASL
    description: Updated CUPS packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. When processing a request, the CUPS scheduler would use case-sensitive matching on the queue name to decide which authorization policy should be used. However, queue names are not case-sensitive. An unauthorized user could print to a password-protected queue without needing a password. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2154 to this issue. Please note that the version of CUPS included in Red Hat Enterprise Linux 4 is not vulnerable to this issue. All users of CUPS should upgrade to these erratum packages which contain a backported patch to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 21842
    published: 2006-07-03
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/21842
    title: CentOS 3 : cups (CESA-2005:571)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2005-571.NASL
    description: Updated CUPS packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX(R) operating systems. When processing a request, the CUPS scheduler would use case-sensitive matching on the queue name to decide which authorization policy should be used. However, queue names are not case-sensitive. An unauthorized user could print to a password-protected queue without needing a password. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2154 to this issue. Please note that the version of CUPS included in Red Hat Enterprise Linux 4 is not vulnerable to this issue. All users of CUPS should upgrade to these erratum packages which contain a backported patch to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 19213
    published: 2005-07-16
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/19213
    title: RHEL 3 : cups (RHSA-2005:571)