Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-22200 PoC — Enhancesoft osTicket 注入漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2026/CVE-2026-22200.yaml
Associated Vulnerability
Title:Enhancesoft osTicket 注入漏洞 (CVE-2026-22200)
Description:Enhancesoft osTicket是美国Enhancesoft公司的一套开源的票务系统。 Enhancesoft osTicket 1.18.2及之前版本存在注入漏洞,该漏洞源于票据PDF导出功能存在任意文件读取,可能导致远程攻击者通过特制富文本HTML泄露服务器文件系统中的敏感本地文件。
Description
Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficiently sanitized before being processed by the mPDF PDF generator during export. When the attacker exports the ticket to PDF, the generated PDF can embed the contents of attacker-selected files from the server filesystem as bitmap images, allowing disclosure of sensitive local files in the context of the osTicket application user. This issue is exploitable in default configurations where guests may create tickets and access ticket status, or where self-registration is enabled.
File Snapshot

 id: CVE-2026-22200

info:
  name: osTicket - Arbitrary File Read
  author: DhiyaneshDk
  severity: h

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.