5 matches found
CVE-2019-14749
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV aka Formula injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and...
osTicket 1.12 - Formula Injection
Exploit Title: osTicket-v1.12 Formula Injection Vendor Homepage: https://osticket.com/ Software Link: https://osticket.com/download/ Exploit Author: Aishwarya Iyer Contact: https://twitter.com/aish9524 Website: https://about.me/aishiyer Category: webapps CVE: CVE-2019-14749 1. Description An issu...
CVE-2019-14749
creationtimestamp| type| source ---|---|--- 2019-08-12 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/47225...
osTicket < 1.10.7, 1.12.x < 1.12.1 Multiple Vulnerabilities
osTicket is prone to multiple vulnerabilities. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2019-14749
Summary: CVE-2019-14749 affects osTicket before 1.10.7 and 1.12.x before 1.12.1, where the export spreadsheets feature can inject formulas (CSV/XLS) via unvalidated input in Name/Internal Notes (Users tab) and Issue Summary (Tickets tab). This can cause a Formula Injection in downloaded spreadshe...