CVE-2004-0613

osTicket - RCE

Title source: llm

Description

osTicket allows remote attackers to view sensitive uploaded files and possibly execute arbitrary code via an HTTP request that uploads a PHP file to the ticket attachments directory.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Guy Pearce · phpwebappsphp

https://www.exploit-db.com/exploits/24225

View Code ZIP pw:eip

References (4)

[Mailing List] http://marc.info/?l=bugtraq&m=108786779500957&w=2

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/16478

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/10586

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/16477

Scores

EPSS 0.0678

EPSS Percentile 91.3%

Details

Status published

Products (1)

osticket/osticket_sts 1.2

Published Dec 06, 2004

Tracked Since Feb 18, 2026