Edisan

Name of the Vulnerable Software and Affected Versions: osTicket versions 1.3.1 beta and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands via the `ticket` variable in the class.ticket.php file. Recommendations: For osTicket versions 1.3.1 beta and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: osTicket versions 1.3.1 beta and earlier Description: The issue allows remote attackers to include and possibly execute arbitrary local files. This is achieved via the `inc` parameter in the "view.php" and "open.php" files. Recommendations: For osTicket versions 1.3.1 beta and earlier, consider restricting access to the `inc` parameter in the "view.php" and "open.php" files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.