CVE-2005-2154 in osTicket STS
Summary
by MITRE
PHP local file inclusion vulnerability in (1) view.php and (2) open.php in osTicket 1.3.1 beta and earlier allows remote attackers to include and possibly execute arbitrary local files via the inc parameter.
Analysis
by VulDB Data Team • 09/10/2025
CVE-2005-2154 is a critical local file inclusion flaw in osTicket 1.3.1 beta and earlier, affecting the view.php and open.php scripts. It falls under CWE-98, improper control of the filename used in a PHP include/require statement. The flaw stems from insufficient sanitization of user-supplied input, in particular the inc parameter, which is processed without adequate validation or filtering. Attackers can manipulate the inc parameter to reference local files on the server filesystem, potentially gaining unauthorized access to sensitive system resources.
The technical exploitation of this vulnerability occurs when the application fails to properly validate or sanitize the inc parameter value before using it in file inclusion operations. This allows remote attackers to craft malicious requests that can cause the application to include arbitrary local files, potentially leading to code execution or information disclosure. The vulnerability is particularly dangerous because it enables attackers to traverse the filesystem and access files that should remain protected, including configuration files, database credentials, or system logs. The impact extends beyond simple information disclosure as it can potentially allow attackers to execute arbitrary code on the target system.
From an operational perspective, this vulnerability presents a significant risk to organizations using affected osTicket versions, as it provides attackers with a direct path to compromise the application server. The attack surface is broad since the vulnerability affects core application functionality through commonly accessed scripts like view.php and open.php. The exploitability is high given that no authentication is required to perform the file inclusion attack, making it particularly dangerous in environments where the application is accessible from untrusted networks. Organizations may experience unauthorized access to sensitive customer data, system compromise, or complete server takeover depending on the privileges of the web application process.
Security mitigations for this vulnerability should focus on implementing proper input validation and sanitization measures for all user-supplied parameters. The recommended approach includes implementing a whitelist-based validation system that only permits predefined, safe values for the inc parameter, rather than allowing arbitrary file paths. Organizations should also implement proper access controls and file permission settings to limit what files can be accessed through the web application. Additionally, upgrading to patched versions of osTicket is essential, as this vulnerability was addressed in subsequent releases through improved input validation and secure coding practices. The remediation process should also include comprehensive security testing to ensure no other similar vulnerabilities exist within the application codebase, following established security standards such as those outlined in the OWASP Top Ten and NIST cybersecurity guidelines.
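The allowlist approach described above, shown as an added example (this is not osTicket's code or its actual patch). The page keys, file names and include directory are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical include directory and page keys; not taken from osTicket.
const INC_DIR = __DIR__ . '/include';
const INC_ALLOWLIST = [
    'open'   => 'open.inc.php',
    'view'   => 'viewticket.inc.php',
    'thanks' => 'thankyou.inc.php',
];
const INC_DEFAULT = 'open';

// Generic shape of the CWE-98 flaw class (illustrative only):
//     include($_GET['inc']);   // request value reaches include() directly

/**
 * Map a request-supplied key to a fixed file path.
 * The request value is only ever used as an array key, never as a path.
 */
function resolve_inc($raw): string
{
    // Reject arrays (inc[]=x) and any other non-string input.
    $key = is_string($raw) ? $raw : INC_DEFAULT;
    if (!array_key_exists($key, INC_ALLOWLIST)) {
        $key = INC_DEFAULT;
    }
    return INC_DIR . '/' . INC_ALLOWLIST[$key];
}

/**
 * Defence in depth: confirm the resolved file really sits inside INC_DIR
 * (catches a symlinked or misconfigured allowlist entry).
 */
function is_inside_inc_dir(string $path): bool
{
    $base = realpath(INC_DIR);
    $real = realpath($path);
    return $base !== false && $real !== false
        && strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) === 0;
}

$path = resolve_inc($_GET['inc'] ?? INC_DEFAULT);
if (!is_inside_inc_dir($path)) {
    http_response_code(404);
    exit;
}
require $path;
```

Because unknown keys fall back to the default page instead of being filtered, traversal sequences and absolute paths in inc never reach the filesystem call at all.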