A vulnerability was found in osTicket up to 1.10.6/1.12.0 (Ticket Tracking Software). It has been rated as problematic. Affected by this issue is some unknown functionality of the component Ticket Creation. The manipulation as part of a Attachment leads to a unrestricted upload vulnerability (Persistent). Using CWE to declare the problem leads to CWE-434. The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. Impacted is integrity. CVE summarizes:

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions. For example, a non-agent user can upload a .html file, and Content-Disposition will be set to inline instead of attachment.

The weakness was disclosed 08/07/2019 (Website). The advisory is shared for download at exploit-db.com. This vulnerability is handled as CVE-2019-14748 since 08/07/2019. The attack may be launched remotely. A simple authentication is required for exploitation. Successful exploitation requires user interaction by the victim. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1608.002.

Upgrading to version 1.10.7 or 1.12.1 eliminates this vulnerability.

Productinfo

Type

• Ticket Tracking Software

Name

• osTicket

Version

• 1.0
• 1.1
• 1.2
• 1.3
• 1.4
• 1.5
• 1.6
• 1.7
• 1.8
• 1.9
• 1.10
• 1.10.0
• 1.10.1
• 1.10.2
• 1.10.3
• 1.10.4
• 1.10.5
• 1.10.6
• 1.11
• 1.12

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion