Lucene search
HistoryDec 06, 2004 - 5:00 a.m.
CVE-2004-0613
osticket
vulnerability
remote attackers
sensitive files
arbitrary code
nvd
7.7 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.117 Low
EPSS
Percentile
95.2%
osTicket allows remote attackers to view sensitive uploaded files and possibly execute arbitrary code via an HTTP request that uploads a PHP file to the ticket attachments directory.
| CPE | Name | Operator | Version |
|---|---|---|---|
| osticket:osticket_sts | osticket osticket sts | eq | 1.2 |
Related
nessus
nessus
osTicket Attachment Handling File Upload Arbitrary Code Execution
2004-07-14 00:00:00
osTicket Arbitrary Attachment Disclosure
2004-07-14 00:00:00
openvas
openvas
osTicket < 1.2.7 Attachment Code Execution Vulnerability - Active Check
2005-11-03 00:00:00
osTicket Attachment Viewing Vulnerability
2005-11-03 00:00:00
osTicket < 1.2.7 Attachment Viewing Vulnerability
2005-11-03 00:00:00
7.7 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.117 Low
EPSS
Percentile
95.2%
Related for CVE-2004-0613