CVE-2020-24881

CRITICAL NUCLEI

osTicket < 1.14.3 - Server-Side Request Forgery


Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-24881. PoCs published by Talat Mehmood, harshtech123. A Nuclei detection template is also available.

AI-analyzed exploit summary: This is a writeup describing an SSRF vulnerability in osTicket versions before 1.14.3. The exploit involves embedding a malicious image tag in a ticket, which triggers an internal server request when the ticket is printed.

Description

SSRF exists in osTicket before 1.14.3, where an attacker can add a malicious file to the server or perform port scanning.

Exploits (2)

exploitdb WRITEUP
by Talat Mehmood · text · webapps · php
https://www.exploit-db.com/exploits/49441

This is a writeup describing an SSRF vulnerability in osTicket versions before 1.14.3. The exploit involves embedding a malicious image tag in a ticket, which triggers an internal server request when the ticket is printed.

Classification: Writeup 90%
Attack Type: SSRF
Complexity: Trivial
Reliability: Reliable
Target: osTicket <1.14.3
Auth required
Prerequisites: Valid user credentials to create a ticket · Ability to submit HTML-formatted content
devstral-2 · analyzed Feb 16, 2026
nomisec WORKING POC
by harshtech123 · poc
https://github.com/harshtech123/cve-2020-24881

This repository contains a proof-of-concept exploit for CVE-2020-24881, which targets osTicket's API endpoints. The scripts demonstrate how to create tickets and interact with the API, potentially exploiting misconfigurations or vulnerabilities in the API key handling.

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: osTicket (versions affected by CVE-2020-24881)
Auth required
Prerequisites: Valid API key or method to bypass API key authentication · Access to the osTicket API endpoints
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

OsTicket < 1.14.3 - Server Side Request Forgery
CRITICAL · VERIFIED · by hnd3884
Shodan: title:"osticket"

Scores

CVSS v3 9.8
EPSS 0.7387
EPSS Percentile 99.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-918
Status: published
Products (1): osticket/osticket < 1.14.3
Published Nov 02, 2020
Tracked Since Feb 18, 2026