osticket security advisories

2 threat alerts tracking vulnerabilities and security advisories that affect osticket products.

Vulnios monitors osticket CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent osticket security news in one place, or click into an individual alert for full detail.

Critical Vulnerability: CVE-2017-15580 — osticket — osticket
osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as
criticalCVE-2017-15580
Critical Vulnerability: CVE-2017-14396 — osticket — osticket
In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.
criticalCVE-2017-14396

Track osticket exposure across your environment

Vulnios automatically cross-references your asset inventory against new osticket CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.

Start a free scan

osticket security advisories

Critical Vulnerability: CVE-2017-15580 — osticket — osticket

Critical Vulnerability: CVE-2017-14396 — osticket — osticket

Track osticket exposure across your environment