Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2005-2154 | First vendor Publication | 2005-07-06 |
| Vendor | Cve | Last vendor Modification | 2008-09-05 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| PHP local file inclusion vulnerability in (1) view.php and (2) open.php in osTicket 1.3.1 beta and earlier allows remote attackers to include and possibly execute arbitrary local files via the inc parameter. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2154 |
CAPEC : Common Attack Pattern Enumeration & Classification
| Id | Name |
|---|---|
| CAPEC-193 | PHP Remote File Inclusion |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 3 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 17716 | osTicket open.php Arbitrary Local File Inclusion osTicket contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'open.php' script not properly sanitizing user-supplied input. This may allow a remote attacker to send a specially crafted URL to include a file from the local host that contains arbitrary commands which will be executed by the vulnerable script. |
| 17715 | osTicket view.php inc Variable Arbitrary Local File Inclusion osTicket contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'view.php' script not properly sanitizing user input supplied to the 'inc' variable. This may allow a remote attacker to send a specially crafted URL to include a file from the local host that contains arbitrary commands which will be executed by the vulnerable script. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-07-03 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-571.nasl - Type : ACT_GATHER_INFO |
| 2005-07-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-571.nasl - Type : ACT_GATHER_INFO |
| 2005-07-05 | Name : The remote web server contains a PHP application that is prone to multiple vu... File : osticket_131.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
| Source | Url |
|---|---|
| BID | http://www.securityfocus.com/bid/14127 |
| BUGTRAQ | http://seclists.org/lists/bugtraq/2005/Jul/0009.html |
| SECTRACK | http://securitytracker.com/id?1014373 |
Alert History
| Date | Informations |
|---|---|
| 2021-05-04 12:03:03 |
|
| 2021-04-22 01:03:19 |
|
| 2020-05-23 00:16:40 |
|
| 2016-04-26 13:38:43 |
|
| 2014-02-17 10:32:02 |
|
| 2013-05-11 11:28:26 |
|
