Description

PHP remote file inclusion vulnerability in open_form.php in osTicket allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter.

Remediation

References

CVE-2006-5407

Related Vulnerabilities

Ruby Improper Input Validation Vulnerability (CVE-2011-2705)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-5842)

Squid Missing Release of Resource after Effective Lifetime Vulnerability (CVE-2018-19132)

Apache HTTP Server Use After Free Vulnerability (CVE-2019-10082)

Plone CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-5485)

Severity

High

Classification

CVE-2006-5407

Tags

Missing Update Known Vulnerabilities