Description

** DISPUTED ** Directory traversal vulnerability in osTicket 1.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to module.php, a different vector than CVE-2005-1439. NOTE: this issue has been disputed by a reliable third party.

Remediation

References

CVE-2010-4634

Related Vulnerabilities

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-3058)

Rukovoditel Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-11817)

Oracle HTTP Server Improper Input Validation Vulnerability (CVE-2020-29508)

WordPress Plugin Ldap WP Login/Active Directory Integration Multiple Vulnerabilities (3.0.1)

WebLogic CVE-2020-5421 Vulnerability (CVE-2020-5421)

Severity

Medium

Classification

CVE-2010-4634 CWE-22

Tags

Missing Update Known Vulnerabilities