Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

osTicket Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-24881)

Description

SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform port scanning.

Remediation

References

Related Vulnerabilities

Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-7981)

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-6897)

PostgreSQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-0063)

WordPress Plugin PitchPrint Arbitrary File Upload (7.2.1)

ATutor Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2016-10400)

Severity

Critical

Classification

CVE-2020-24881 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities