CVE-2017-15580

🗓️ 23 Oct 2017 08:00:00Reported by mitreType

cve

cve🔗 web.nvd.nist.gov👁 73 Views🌐 WEB

osTicket 1.10.1 vulnerability allows arbitrary file uploa

Reporter	Title	Published	Views	Family All 9
0day.today	osTicket 1.10.1 Shell Upload Vulnerability	25 Oct 201700:00	–	zdt
CNVD	OsTicket File Upload Vulnerability	26 Oct 201700:00	–	cnvd
Cvelist	CVE-2017-15580	23 Oct 201708:00	–	cvelist
Exploit DB	osTicket 1.10.1 - Arbitrary File Upload	8 Aug 201800:00	–	exploitdb
exploitpack	osTicket 1.10.1 - Arbitrary File Upload	8 Aug 201800:00	–	exploitpack
NVD	CVE-2017-15580	23 Oct 201708:29	–	nvd
OSV	CVE-2017-15580	23 Oct 201708:29	–	osv
Packet Storm	osTicket 1.10.1 Shell Upload	25 Oct 201700:00	–	packetstorm
Prion	Design/Logic Flaw	23 Oct 201708:29	–	prion

NVD

Node

osticket osticketMatch1.10.1

Source	Link
cxsecurity	www.cxsecurity.com/issue/WLB-2017100187
becomepentester	www.becomepentester.blogspot.com/2017/10/osTicket-File-Upload-Restrictions-Bypassed-CVE-2017-15580.html
packetstormsecurity	www.packetstormsecurity.com/files/144747/osticket1101-shell.txt
exploit-db	www.exploit-db.com/exploits/45169/
nakedsecurity	www.nakedsecurity.com/cve/CVE-2017-15580/
0day	www.0day.today/exploits/28864
cyber-security	www.cyber-security.ro/blog/2017/10/25/osticket-1-10-1-shell-upload/

Parameter	Position	Path	Description	CWE
id	query param	tickets.php?id=<ticket_number>#reply	osTicket 1.10.1 allows uploading arbitrary files by bypassing server-side content validation, enabling upload of malicious files.	CWE-434

13 May 2026 00:24Current

9.4High risk

Vulners AI Score9.4

CVSS 27.5

CVSS 39.8

EPSS0.3584

osticket cve-2017-15580 arbitrary file upload web application security nvd