osTicket 1.21.3 - view.php?inc Arbitrary Local File Inclusion

Type exploitpack
Reporter edisan foster
Modified 2005-06-30T00:00:00


osTicket 1.21.3 - view.php?inc Arbitrary Local File Inclusion

                                            source: https://www.securityfocus.com/bid/14127/info

osTicket is affected by multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

The following specific issues were identified:

- An SQL-injection vulnerability. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

- A local file-include vulnerability. An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

osTicket 1.3.1 beta and prior versions are affected.