CNNVD-202601-1821 Information

CNNVD ID

CNNVD-202601-1821

CVE-2026-22200

  • CNNVD Published: 2026-01-12

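Description (translated from Chinese)

Enhancesoft osTicket is an open-source ticketing system from the US company Enhancesoft. Enhancesoft osTicket 1.18.2 and earlier versions contain an injection vulnerability. It stems from an arbitrary file read in the ticket PDF export function, which may allow remote attackers to disclose sensitive local files from the server file system via specially crafted rich-text HTML.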

Description (English)

Enhancesoft osTicket is an open-source ticketing system from the United States company Enhancesoft. Enhancesoft osTicket 1.18.2 and previous versions have an injection vulnerability, which stems from an arbitrary file read in the ticket PDF export function and may lead to remote attackers leaking sensitive local files from the server file system through specially crafted rich-text HTML.

Hazard Level

Medium

Vulnerability Type

Injection

Affected Vendor

Enhancesoft

Published

2026-01-12

Last Modified

2026-02-24

References

  • https://github.com/osTicket/osTicket/commit/c59b067
  • https://www.vulncheck.com/advisories/osticket-pdf-export-arbitrary-file-read
  • https://osticket.com/
  • https://github.com/osTicket/osTicket/releases/tag/v1.18.3
  • https://github.com/osTicket/osTicket/releases/tag/v1.17.7
  • https://access.redhat.com/security/cve/cve-2026-22200
