Summary
The target is running at least one instance of osTicket that enables a remote user to open a new ticket with an attachment containing arbitrary PHP code and then to run that code using the permissions of the web server user.
Solution
Apply the FileTypes patch or upgrade to osTicket STS 1.2.7 or later.
Severity
Classification
CVE: CVE-2004-0613
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities