CVE-2005-2154

osTicket <1.3.1 - Local File Inclusion

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2154. PoCs published by edisan & foster.

AI-analyzed exploit summary The provided text describes SQL injection and local file inclusion vulnerabilities in osTicket 1.3.1 beta and prior versions. It includes a generic example URL for the LFI but lacks actual exploit code or technical details.

Description

PHP local file inclusion vulnerability in (1) view.php and (2) open.php in osTicket 1.3.1 beta and earlier allows remote attackers to include and possibly execute arbitrary local files via the inc parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by edisan & foster · textwebappsphp
https://www.exploit-db.com/exploits/25926

The provided text describes SQL injection and local file inclusion vulnerabilities in osTicket 1.3.1 beta and prior versions. It includes a generic example URL for the LFI but lacks actual exploit code or technical details.

Classification
Writeup 90%
Attack Type
Sqli | Other
Complexity
Trivial
Reliability
Theoretical
Target: osTicket <= 1.3.1 beta
No auth needed
Prerequisites: Network access to the target application
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1014373
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14127
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://seclists.org/lists/bugtraq/2005/Jul/0009.html

Scores

EPSS 0.0244
EPSS Percentile 82.4%

Details

Status published
Products (3)
osticket/osticket_sts 1.2
osticket/osticket_sts 1.2.7
osticket/osticket_sts 1.3_beta
Published Jul 06, 2005
Tracked Since Feb 18, 2026