[VIM] osTicket 1.6 - Local File Inclusion

Steve Tornio steve at vitriol.net
Tue Nov 9 17:32:41 CST 2010


On Tue, Nov 9, 2010 at 8:26 AM, George A. Theall <theall at tenable.com> wrote:
> Bugtraq ID 44739 / Exploit DB 15471 cover a local file inclusion issue
> reported by d3v11 and affecting the 'module.php' script in osTicket 1.6. The
> sample PoC SecurityFocus gives is:

Exploit-DB yanked this one a little while ago. Apparently, it was
approved in error.

>
> Btw, the EDB advisory says the issue's been verified. What exactly does that
> mean? Who's verified the vulnerability and how was it done?
>


More information about the VIM mailing list