Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files on the web application having malicious content.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Enhancesoft osTicket 安全漏洞
Vulnerability Description
Enhancesoft osTicket是美国Enhancesoft公司的一套基于PHP的免费轻量级问题回馈系统。该系统支持电子邮件查询等。 Enhancesoft osTicket 1.10.1版本中存在安全漏洞,该漏洞源于程序没有正确的验证上传的文件内容。攻击者可利用该漏洞向该应用程序上传带有恶意内容的任意文件。
CVSS Information
N/A
Vulnerability Type
N/A