Download
| Alert*
oval:org.secpod.oval:def:70598
It was discovered that missing input validation in the Open Ticket Request System could result in privilege escalation by an agent with write permissions for statistics. oval:org.secpod.oval:def:1901409 In Open Ticket Request System 3.3.x before 3.3.18, 4.x before 4.0.25, and 5.x before 5.0.23, remote authenticated users can leverage statistics-write permissions to gain privileges via code injection. oval:org.secpod.oval:def:603158 It was discovered that missing input validation in the Open Ticket Request System could result in privilege escalation by an agent with write permissions for statistics. |