ID de Prueba:	1.3.6.1.4.1.25623.1.0.13645
Categoría:	Web application abuses
Título:	osTicket < 1.2.7 Attachment Code Execution Vulnerability - Active Check
Resumen:	The target is running at least one instance of osTicket that; enables a remote user to open a new ticket with an attachment containing arbitrary PHP code and; then to run that code using the permissions of the web server user.
Descripción:	Summary: The target is running at least one instance of osTicket that enables a remote user to open a new ticket with an attachment containing arbitrary PHP code and then to run that code using the permissions of the web server user. Solution: Apply FileTypes patch or update to osTicket STS 1.2.7 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0613 BugTraq ID: 10586 http://www.securityfocus.com/bid/10586 Bugtraq: 20040621 Multiple osTicket exploits! (Google Search) http://marc.info/?l=bugtraq&m=108786779500957&w=2 XForce ISS Database: osticket-php-file-upload(16477) https://exchange.xforce.ibmcloud.com/vulnerabilities/16477 XForce ISS Database: osticket-view-attachments(16478) https://exchange.xforce.ibmcloud.com/vulnerabilities/16478
Copyright	Copyright (C) 2004 George A. Theall

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.