Vulnerability CVE-2017-15580


Published: 2017-10-23

Description:
osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files on the web application having malicious content.

See advisories in our WLB2 database:
Topic
Author
Date
High
osTicket 1.10.1 Shell Upload
Rajwinder Singh*
25.10.2017

Type:

CWE-434

(Unrestricted Upload of File with Dangerous Type)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Osticket -> Osticket 
IBM -> Maximo asset management 
IBM -> Maximo asset management essentials 

 References:
http://0day.today/exploits/28864
http://nakedsecurity.com/cve/CVE-2017-15580/
https://becomepentester.blogspot.com/2017/10/osTicket-File-Upload-Restrictions-Bypassed-CVE-2017-15580.html
https://cxsecurity.com/issue/WLB-2017100187
https://packetstormsecurity.com/files/144747/osticket1101-shell.txt
https://www.exploit-db.com/exploits/45169/

Copyright 2024, cxsecurity.com

 

Back to Top