CVE-2019-14749
high-risk
Published 2019-08-07
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and the Issue Summary field in the tickets tab. This allows other agents to download data in a .csv file format or .xls file format. This is used as input for spreadsheet applications such as Excel and OpenOffice Calc, resulting in a situation where cells in the spreadsheets can contain input from an untrusted source. As a result, the end user who is accessing the exported spreadsheet can be affected.
Do I need to act?
14.8% chance of exploitation in next 30 days
EPSS score — higher than 85% of all CVEs
Not on CISA KEV list
No confirmed active exploitation reported to CISA
1 public exploit available
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 8.8/10 (High)
Attack vector: NETWORK / Attack complexity: LOW
Affected Products (1)
Affected Vendors
References (10)
Third Party Advisory
http://packetstormsecurity.com/files/154004/osTicket-1.12-Formula-Injection.html
Third Party Advisory
https://www.exploit-db.com/exploits/47225
Risk score: 54 / 100 (high-risk)
Severity: 30/34 · Critical
Exploitability: 19/34 · Moderate
Exposure: 5/34 · Minimal