CVE-2019-14749
osTicket 1.12 - Formula Injection
- Public Exploits: 1
- Exploited in Wild: -
Descriptions
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields of the Users tab and the Issue Summary field of the Tickets tab. Other agents can download this data in .csv or .xls file format and open it in spreadsheet applications such as Excel and OpenOffice Calc, so cells in the exported spreadsheet can contain input from an untrusted source. As a result, the end user who opens the exported spreadsheet can be affected.
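The defensive counterpart to the description above, as an added example that is not osTicket's own code and does not reproduce the project's fix: a small CSV export routine that neutralises formula elements (CWE-1236) in exported cells such as Name, Internal Notes and Issue Summary. It prefixes any non-numeric cell whose first non-whitespace character is `=`, `+`, `-` or `@` with an apostrophe so Excel and Calc treat it as text, and quotes every field so embedded commas, quotes and newlines cannot spill into neighbouring cells. The field names and sample rows are constructed for the demonstration.

```python
import csv
import io
import re

# Leading characters that make Excel / LibreOffice Calc evaluate a cell as
# a formula (CWE-1236). Leading whitespace, tabs and carriage returns are
# skipped before the check because importers trim them first, so a payload
# hidden behind "\t=" or "\r=" is caught as well.
FORMULA_TRIGGERS = ("=", "+", "-", "@")

# Plain numbers such as "-5" or "+3.25" are harmless and must stay numeric.
_NUMERIC = re.compile(r"^[+-]?(\d+\.?\d*|\.\d+)([eE][+-]?\d+)?$")


def neutralise_cell(value):
    """Return a text-safe form of one exported cell value.

    A leading apostrophe forces text mode in Excel and Calc; the
    apostrophe itself is not displayed in the opened sheet.
    """
    text = "" if value is None else str(value)
    stripped = text.lstrip(" \t\r\n")
    if stripped.startswith(FORMULA_TRIGGERS) and not _NUMERIC.match(stripped):
        return "'" + text
    return text


def export_rows(rows, fieldnames):
    """Serialise rows (dicts keyed by fieldnames) to CSV text.

    Every cell passes through neutralise_cell(); QUOTE_ALL wraps each
    field in double quotes and doubles embedded quotes.
    """
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fieldnames,
                            quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writeheader()
    for row in rows:
        writer.writerow({k: neutralise_cell(row.get(k)) for k in fieldnames})
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample mirroring a Users-tab export: one Name holds a
    # formula, the notes hold quotes, a negative number and a tab prefix.
    sample = [
        {"Name": "=1+1", "Internal Notes": 'balance "-5"'},
        {"Name": "Alice", "Internal Notes": "-5"},
        {"Name": "Bob", "Internal Notes": "\t@total"},
    ]
    print(export_rows(sample, ["Name", "Internal Notes"]), end="")
```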
CVSS Scores
SSVC
- Decision: -
Timeline
- 2019-08-07 CVE Reserved
- 2019-08-07 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2024-12-28 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-1236: Improper Neutralization of Formula Elements in a CSV File
CAPEC
References (5)
URL | Tag | Source
---|---|---
http://packetstormsecurity.com/files/154004/osTicket-1.12-Formula-Injection.html | Third Party Advisory |
https://github.com/osTicket/osTicket/releases/tag/v1.10.7 | Release Notes |
https://github.com/osTicket/osTicket/releases/tag/v1.12.1 | Release Notes |

URL | Date | SRC
---|---|---
https://www.exploit-db.com/exploits/47225 | 2024-08-05 |

URL | Date | SRC
---|---|---
https://github.com/osTicket/osTicket/commit/99818486c5b1d8aa445cee232825418d6834f249 | 2020-08-24 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Osticket | Osticket | < 1.10.7 | - | Affected
Osticket | Osticket | >= 1.12 < 1.12.1 | - | Affected