cvedb.io
CVE-2017-15580
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2017-10-23T08:29:00.713 · Last modified 2026-06-17T01:07:54.837

Summary

osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files on the web application having malicious content.

Affected products

osticket — osticket

Does this affect you?

Add your gear to cvedb and we'll alert you only when osticket ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.