Luca Cetro

**Name of the Vulnerable Software and Affected Versions** osTicket versions 1.17.5 and earlier **Description** A SQL injection issue exists in the Search functionality of the tickets.php page, allowing authenticated attackers to execute arbitrary SQL commands. This is achieved via a combination of the `keywords` and `topic id` URL parameters. **Recommendations** For osTicket versions 1.17.5 and earlier, consider restricting access to the tickets.php page until a patch is available. As a temporary workaround, avoid using the `keywords` and `topic id` parameters in combination in the affected API endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Zucchetti Ad Hoc Infinity version 2.4 Description: A local file include issue in the `/servlet/Report` allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse shell through `/jsp/zimg upload.jsp`. Recommendations: For Zucchetti Ad Hoc Infinity version 2.4, consider restricting access to the `/servlet/Report` and `/jsp/zimg upload.jsp` endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** osTicket version 1.15.x **Description** A SQL injection issue in the "Search" functionality of the "tickets.php" page allows authenticated attackers to execute arbitrary SQL commands via the combination of `keywords` and `topic id` URL parameters. **Recommendations** For osTicket version 1.15.x, as a temporary workaround, consider restricting access to the "Search" functionality in the "tickets.php" page until a patch is available. Avoid using the `keywords` and `topic id` parameters in the affected URL until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BooleBox Secure File Sharing Utility versions prior to 4.2.3.0 **Description** The issue allows for CSV injection through a crafted `user name` that is mishandled during export from the activity logs in the Audit Area. **Recommendations** For versions prior to 4.2.3.0, update to version 4.2.3.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** BooleBox Secure File Sharing Utility versions prior to 4.2.3.0 **Description** The issue allows for stored XSS via a crafted avatar field within My Account JSON data to the "Account.aspx" endpoint. This can be exploited by manipulating the `avatar` field in the JSON data. **Recommendations** For versions prior to 4.2.3.0, update to version 4.2.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "Account.aspx" endpoint or disabling the ability to upload custom avatars until the update is applied. Avoid using the `avatar` field in the My Account JSON data until the issue is resolved.