13 lines
No EOL
804 B
Text
13 lines
No EOL
804 B
Text
source: http://www.securityfocus.com/bid/14127/info
|
|
|
|
osTicket is affected by multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied data.
|
|
|
|
The following specific issues were identified:
|
|
|
|
- An SQL-injection vulnerability. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
|
|
|
|
- A local file-include vulnerability. An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
|
|
|
|
osTicket 1.3.1 beta and prior versions are affected.
|
|
|
|
http://www.example.com/osticket/view.php?inc=x |