osTicket < 1.3.1 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 3046

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The version of osTicket installed on the remote host suffers from several vulnerabilities, including:

- A Local File Include Vulnerability
The application fails to sanitize user-supplied input to the 'inc' parameter in the 'view.php' script. After authentication, an attacker can exploit this flaw to run arbitrary PHP code found in files on the remote host provided PHP's 'register_globals' setting is enabled.

- A SQL Injection Vulnerability
An authenticated attacker can affect SQL queries via POST queries due to a failure of the application to filter input to the 'ticket' variable in the 'class.ticket.php' code library.

Solution

Upgrade to version 1.3.1 or higher.

See Also

http://www.osticket.com/forums/showthread.php?t=1283

http://www.securityfocus.com/archive/1/403990/30/0/threaded

http://www.osticket.com/news/sec,05,01.html

http://www.gulftech.org/?node=research&amp;article_id=00071-05022005

Plugin Details

Severity: Medium

ID: 3046

Family: CGI

Published: 2005/07/05

Modified: 2016/02/05

Dependencies: 1442

Nessus ID: 18612

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5.8

Temporal Score: 5

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:OF/RC:C

CVSSv3

Base Score: 6.2

Temporal Score: 5.9

Vector: CVSS3#AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:H/RL:O/RC:C

Reference Information

CVE: CVE-2005-2154, CVE-2005-2153, CVE-2005-1436, CVE-2005-1437, CVE-2005-1438, CVE-2005-1439

BID: 13478, 14127