| ID |
CVE-2005-2154
|
| Summary |
PHP local file inclusion vulnerability in (1) view.php and (2) open.php in osTicket 1.3.1 beta and earlier allows remote attackers to include and possibly execute arbitrary local files via the inc parameter. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:osticket:osticket_sts:1.2:*:*:*:*:*:*:*
cpe:2.3:a:osticket:osticket_sts:1.2:*:*:*:*:*:*:*
-
cpe:2.3:a:osticket:osticket_sts:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:osticket:osticket_sts:1.2.7:*:*:*:*:*:*:*
-
cpe:2.3:a:osticket:osticket_sts:1.3_beta:*:*:*:*:*:*:*
cpe:2.3:a:osticket:osticket_sts:1.3_beta:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 7.5 (as of 05-09-2008 - 20:51) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
PARTIAL |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| refmap
via4
|
| bid | 14127 | | bugtraq | 20050701 [SECURITY ALERT] osTicket bugs | | sectrack | 1014373 |
|
| Last major update |
05-09-2008 - 20:51 |
| Published |
06-07-2005 - 04:00 |
| Last modified |
05-09-2008 - 20:51 |
