{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "1.10.1" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "9ae093da56c7d81f2b2d3fef0a8baa61f1e73cde" } ], "repo": "https://github.com/osticket/osticket-1.8", "type": "GIT" } ] } ], "details": "osTicket 1.10.1 provides a functionality to upload 'html' files with associated formats. However, it does not properly validate the uploaded file's contents and thus accepts any type of file, such as with a tickets.php request that is modified with a .html extension changed to a .exe extension. An attacker can leverage this vulnerability to upload arbitrary files on the web application having malicious content.", "id": "CVE-2017-15580", "modified": "2026-03-15T21:51:13.974076092Z", "published": "2017-10-23T08:29:00.713Z", "references": [ { "type": "ADVISORY", "url": "http://0day.today/exploits/28864" }, { "type": "ADVISORY", "url": "http://nakedsecurity.com/cve/CVE-2017-15580/" }, { "type": "ARTICLE", "url": "https://www.cyber-security.ro/blog/2017/10/25/osticket-1-10-1-shell-upload/" }, { "type": "EVIDENCE", "url": "https://cxsecurity.com/issue/WLB-2017100187" }, { "type": "EVIDENCE", "url": "https://packetstormsecurity.com/files/144747/osticket1101-shell.txt" }, { "type": "EVIDENCE", "url": "https://www.exploit-db.com/exploits/45169/" }, { "type": "EVIDENCE", "url": "https://becomepentester.blogspot.com/2017/10/osTicket-File-Upload-Restrictions-Bypassed-CVE-2017-15580.html" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }