- Description
- PHP local file inclusion vulnerability in (1) view.php and (2) open.php in osTicket 1.3.1 beta and earlier allows remote attackers to include and possibly execute arbitrary local files via the inc parameter.
- Source
- cve@mitre.org
- NVD status
- Analyzed
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:osticket:osticket_sts:1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "00CBCE49-FA09-47BD-9584-486B32D58EFB"
},
{
"criteria": "cpe:2.3:a:osticket:osticket_sts:1.2.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E2D83869-36F9-4AD0-8B90-AF2ACF281735"
},
{
"criteria": "cpe:2.3:a:osticket:osticket_sts:1.3_beta:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "528C4718-78C4-4C49-8759-1BB17E2A331F"
}
],
"operator": "OR"
}
]
}
]