Osticket
CVE-2020-24881
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.
AnalysisAI
SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.3%.
Technical ContextAI
This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918), which allows attackers to make the server perform requests to unintended internal or external resources. SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning. Affected products include: Enhancesoft Osticket. Version information: before 1.14.3.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate and allowlist destination URLs, block requests to internal networks, use network segmentation.
osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. Rated critical severity (CVSS 9
Arbitrary local file read in Enhancesoft osTicket 1.18.x (before 1.18.3) and 1.17.x (before 1.17.7) lets a remote unauth
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Rated high severity (CVSS 8.8), this vulnera
In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Rated medium severity (CVSS 6.1), this vulne
Enhancesoft osTicket before 1.10.2 allows remote attackers to reset arbitrary passwords (when an associated e-mail addre
A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 cha
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticate
In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.ph
Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers
Cross-site scripting (XSS) vulnerability in /scp/directory.php in Enhancesoft osTicket before 1.10.2 allows remote attac
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authentica
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today