Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

osTicket Improper Validation of Specified Quantity in Input Vulnerability (CVE-2023-30082)

Description

A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 characters) is supplied using the osTicket application. This can cause the website to go down or stop responding. When a long password is entered, this procedure will consume all available CPU and memory.

Remediation

References

Related Vulnerabilities

WordPress Plugin Frontend File Manager Arbitrary File Upload (3.9)

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-2355)

ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-22875)

ZenCart Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-4322)

XWiki Uncontrolled Resource Consumption Vulnerability (CVE-2024-21651)

Severity

High

Classification

CVE-2023-30082 CWE-1284 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities