Vulnerabilities
Vulnerable Software
Osticket:  Security Vulnerabilities
osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
CVSS Score
5.4
EPSS Score
0.002
Published
2025-06-02
osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files on the web application having malicious content.
CVSS Score
9.8
EPSS Score
0.16
Published
2017-10-23
osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protections, injection of iframes to establish communication channels, etc. The vulnerability is present after login into the application. This affects a different tickets.php file than CVE-2015-1176.
CVSS Score
6.1
EPSS Score
0.012
Published
2017-10-16
In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.
CVSS Score
9.8
EPSS Score
0.029
Published
2017-09-12
SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter.
CVSS Score
7.5
EPSS Score
0.03
Published
2010-02-11
Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php.
CVSS Score
3.5
EPSS Score
0.009
Published
2010-02-11
Cross-site scripting (XSS) vulnerability in support/view.php in Support Cards 1 (osTicket) allows remote attackers to inject arbitrary web script or HTML via the e parameter.
CVSS Score
4.3
EPSS Score
0.014
Published
2006-12-26
SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta and earlier allows remote attackers to execute arbitrary SQL commands via the ticket variable.
CVSS Score
7.5
EPSS Score
0.013
Published
2005-07-06
PHP local file inclusion vulnerability in (1) view.php and (2) open.php in osTicket 1.3.1 beta and earlier allows remote attackers to include and possibly execute arbitrary local files via the inc parameter.
CVSS Score
7.5
EPSS Score
0.024
Published
2005-07-06
Multiple SQL injection vulnerabilities in osTicket allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to admin.php or (2) cat parameter to view.php.
CVSS Score
7.5
EPSS Score
0.013
Published
2005-05-03


Contact Us

Shodan ® - All rights reserved