VYPR
Critical severity9.8NVD Advisory· Published Oct 23, 2017· Updated Jun 17, 2026

CVE-2017-15580

CVE-2017-15580

Description

osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files on the web application having malicious content.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Osticket/Osticket2 versions
    cpe:2.3:a:osticket:osticket:1.10.1:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:osticket:osticket:1.10.1:*:*:*:*:*:*:*
    • (no CPE)range: 1.10.1

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.