Peter Rotich

3 exploits Active since Nov 2020
CVE-2020-24881 NOMISEC CRITICAL WORKING POC
osTicket < 1.14.3 - Server-Side Request Forgery
SSRF exists in osTicket before 1.14.3, where an attacker can add a malicious file to the server or perform port scanning.
CVSS 9.8
CVE-2021-42235 WRITEUP CRITICAL WRITEUP
osTicket < 1.14.8 and 1.15.4 - SQL Injection in Login and Password Reset Process
SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality.
CVSS 9.8
CVE-2022-31888 WRITEUP HIGH WRITEUP
osTicket <= 1.16.2 - Session Fixation in class.auth.php Login Function
Session Fixation vulnerability in the login function in class.auth.php in osTicket through 1.16.2.
CVSS 8.8