Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

osTicket Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-24881)

Description

SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.

Remediation

References

Related Vulnerabilities

WordPress Plugin Email Encoder-Protect Email Addresses Multiple Cross-Site Scripting Vulnerabilities (1.4.3)

IBM RTC Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-4974)

ownCloud CVE-2022-43679 Vulnerability (CVE-2022-43679)

WordPress Plugin Simple Slide Show TimThumb Arbitrary File Upload (1.0)

axios Permissive List of Allowed Inputs Vulnerability (CVE-2026-42042)

Severity

Critical

Classification

CVE-2020-24881 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities