CVE-2005-2154

Properties

Published:
05.07.2005
Updated:
20.10.2005
Patch available:
Severity:
High
CVSS vector:
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N) Approximated
Product:
osTicket: osTicket STS
osTicket: osTicket STS
osTicket: osTicket STS

Vulnerability description

PHP local file inclusion vulnerability in (1) view.php and (2) open.php in osTicket 1.3.1 beta and earlier allows remote attackers to include and possibly execute arbitrary local files via the inc parameter.

References:

BUGTRAQ: http://seclists.org/lists/bugtraq/2005/Jul/0009.html
BID: http://www.securityfocus.com/bid/14127
SECTRACK: http://securitytracker.com/id?1014373