HotOpentickets Privilege Escalation

medium Nessus Plugin ID 12089

Language:

Synopsis

The remote web server is running a PHP application that is affected by a privilege escalation vulnerability.

Description

The remote host is running HotOpenTickets, a web-based ticketing system. A vulnerability has been disclosed in all versions of this software before version 02272004_ver2c which may allow an attacker to escalate privileges on this server.

Solution

Upgrade to Hot Open Tickets 02272004_ver2c or later.

See Also

http://sourceforge.net/forum/forum.php?forum_id=355697

Plugin Details

Severity: Medium

ID: 12089

File Name: hotopentickets_unspecified_flaw.nasl

Version: 1.12

Type: remote

Family: CGI abuses

Published: 3/4/2004

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Reference Information

BID: 9790