Vulnerabilities > Osticket > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2020-11-02 | CVE-2020-24881 | Server-Side Request Forgery (SSRF) vulnerability in Osticket | SSRF exists in osTicket before 1.14.3, where an attacker can add a malicious file to the server or perform port scanning. | 7.5 |
2017-10-23 | CVE-2017-15580 | Unrestricted Upload of File with Dangerous Type vulnerability in Osticket 1.10.1 | osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. | 7.5 |
2017-09-12 | CVE-2017-14396 | SQL Injection vulnerability in Osticket 1.10 | In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php. | 7.5 |
2010-02-11 | CVE-2010-0605 | SQL Injection vulnerability in Osticket | SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter. | 7.5 |
2009-07-08 | CVE-2009-2361 | SQL Injection vulnerability in Osticket 1.6 | SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter. | 7.5 |
2006-10-19 | CVE-2006-5407 | Unspecified vulnerability in Osticket | PHP remote file inclusion vulnerability in open_form.php in osTicket allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. | 7.5 |
2005-07-06 | CVE-2005-2154 | Input Validation vulnerability in OSTicket | PHP local file inclusion vulnerability in (1) view.php and (2) open.php in osTicket 1.3.1 beta and earlier allows remote attackers to include and possibly execute arbitrary local files via the inc parameter. | 7.5 |
2005-07-06 | CVE-2005-2153 | Input Validation vulnerability in OSTicket | SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta and earlier allows remote attackers to execute arbitrary SQL commands via the ticket variable. | 7.5 |
2005-05-03 | CVE-2005-1439 | Directory Traversal vulnerability in osTicket | Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. | 7.5 |
2005-05-03 | CVE-2005-1438 | Remote Security vulnerability in Osticket 1 | PHP remote file inclusion vulnerability in main.php in osTicket allows remote attackers to execute arbitrary PHP code via the include_dir parameter. | 7.5 |