Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number.
AnalysisAI
Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Technical ContextAI
Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail address is known) by leveraging guest access and guessing a 6-digit number. Affected products include: Enhancesoft Osticket. Version information: before 1.10.2.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning. Rate
osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. Rated critical severity (CVSS 9
Arbitrary local file read in Enhancesoft osTicket 1.18.x (before 1.18.3) and 1.17.x (before 1.17.7) lets a remote unauth
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Rated high severity (CVSS 8.8), this vulnera
In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Rated medium severity (CVSS 6.1), this vulne
A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 cha
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticate
In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.ph
Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers
Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attac
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authentica
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today