Shared security patch analysis results
AI Used: DEEPSEEK deepseek-chat--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/src/Transport/Sendmail.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/src/Transport/Sendmail.php@@ -1,17 +1,36 @@ <?php--/**- * @see https://github.com/laminas/laminas-mail for the canonical source repository- * @copyright https://github.com/laminas/laminas-mail/blob/master/COPYRIGHT.md- * @license https://github.com/laminas/laminas-mail/blob/master/LICENSE.md New BSD License- */ namespace Laminas\Mail\Transport; use Laminas\Mail; use Laminas\Mail\Address\AddressInterface; use Laminas\Mail\Header\HeaderInterface;+use Laminas\Mail\Transport\Exception\InvalidArgumentException;+use Laminas\Mail\Transport\Exception\RuntimeException; use Traversable;++use function assert;+use function count;+use function escapeshellarg;+use function gettype;+use function implode;+use function is_array;+use function is_callable;+use function is_object;+use function is_string;+use function mail;+use function preg_match;+use function restore_error_handler;+use function set_error_handler;+use function sprintf;+use function str_contains;+use function str_replace;+use function strtoupper;+use function substr;+use function trim;++use const PHP_OS;+use const PHP_VERSION_ID; /** * Class for sending email via the PHP internal mail() function@@ -34,18 +53,15 @@ /** * error information+ * * @var string */ protected $errstr;- /**- * @var string- */+ /** @var string */ protected $operatingSystem; /**- * Constructor.- * * @param null|string|array|Traversable $parameters OPTIONAL (Default: null) */ public function __construct($parameters = null)@@ -62,7 +78,7 @@ * Used to populate the additional_parameters argument to mail() * * @param null|string|array|Traversable $parameters- * @throws \Laminas\Mail\Transport\Exception\InvalidArgumentException+ * @throws InvalidArgumentException * @return Sendmail */ public function setParameters($parameters)@@ -73,10 +89,10 @@ } if (! is_array($parameters) && ! $parameters instanceof Traversable) {- throw new Exception\InvalidArgumentException(sprintf(+ throw new InvalidArgumentException(sprintf( '%s expects a string, array, or Traversable object of parameters; received "%s"', __METHOD__,- (is_object($parameters) ? get_class($parameters) : gettype($parameters))+ is_object($parameters) ? $parameters::class : gettype($parameters) )); }@@ -95,16 +111,16 @@ * Primarily for testing purposes, but could be used to curry arguments. * * @param callable $callable- * @throws \Laminas\Mail\Transport\Exception\InvalidArgumentException+ * @throws InvalidArgumentException * @return Sendmail */ public function setCallable($callable) { if (! is_callable($callable)) {- throw new Exception\InvalidArgumentException(sprintf(+ throw new InvalidArgumentException(sprintf( '%s expects a callable argument; received "%s"', __METHOD__,- (is_object($callable) ? get_class($callable) : gettype($callable))+ is_object($callable) ? $callable::class : gettype($callable) )); } $this->callable = $callable;@@ -113,8 +129,6 @@ /** * Send a message- *- * @param \Laminas\Mail\Message $message */ public function send(Mail\Message $message) {@@ -126,21 +140,20 @@ // On *nix platforms, we need to replace \r\n with \n // sendmail is not an SMTP server, it is a unix command - it expects LF- if (! $this->isWindowsOs()) {+ if (PHP_VERSION_ID < 80000 && ! $this->isWindowsOs()) { $to = str_replace("\r\n", "\n", $to); $subject = str_replace("\r\n", "\n", $subject); $body = str_replace("\r\n", "\n", $body); $headers = str_replace("\r\n", "\n", $headers); }- call_user_func($this->callable, $to, $subject, $body, $headers, $params);+ ($this->callable)($to, $subject, $body, $headers, $params); } /** * Prepare recipients list *- * @param \Laminas\Mail\Message $message- * @throws \Laminas\Mail\Transport\Exception\RuntimeException+ * @throws RuntimeException * @return string */ protected function prepareRecipients(Mail\Message $message)@@ -149,7 +162,7 @@ $hasTo = $headers->has('to'); if (! $hasTo && ! $headers->has('cc') && ! $headers->has('bcc')) {- throw new Exception\RuntimeException(+ throw new RuntimeException( 'Invalid email; contains no at least one of "To", "Cc", and "Bcc" header' ); }@@ -162,7 +175,7 @@ $to = $headers->get('to'); $list = $to->getAddressList(); if (0 == count($list)) {- throw new Exception\RuntimeException('Invalid "To" header; contains no addresses');+ throw new RuntimeException('Invalid "To" header; contains no addresses'); } // If not on Windows, return normal string@@ -182,23 +195,23 @@ /** * Prepare the subject line string *- * @param \Laminas\Mail\Message $message * @return string */ protected function prepareSubject(Mail\Message $message) { $headers = $message->getHeaders(); if (! $headers->has('subject')) {- return;- }- $header = $headers->get('subject');- return $header->getFieldValue(HeaderInterface::FORMAT_ENCODED);+ return '';+ }+ $header = $headers->get('subject');+ $fieldValue = $header->getFieldValue(HeaderInterface::FORMAT_ENCODED);+ assert(is_string($fieldValue));+ return $fieldValue; } /** * Prepare the body string *- * @param \Laminas\Mail\Message $message * @return string */ protected function prepareBody(Mail\Message $message)@@ -217,17 +230,11 @@ /** * Prepare the textual representation of headers *- * @param \Laminas\Mail\Message $message * @return string */ protected function prepareHeaders(Mail\Message $message) {- // On Windows, simply return verbatim- if ($this->isWindowsOs()) {- return $message->getHeaders()->toString();- }-- // On *nix platforms, strip the "to" header+ // Strip the "to" and "subject" headers $headers = clone $message->getHeaders(); $headers->removeHeader('To'); $headers->removeHeader('Subject');@@ -236,8 +243,8 @@ $from = $headers->get('From'); if ($from) { foreach ($from->getAddressList() as $address) {- if (strpos($address->getEmail(), '\\"') !== false) {- throw new Exception\RuntimeException('Potential code injection in From header');+ if (str_contains($address->getEmail(), '\\"')) {+ throw new RuntimeException('Potential code injection in From header'); } } }@@ -250,29 +257,29 @@ * Basically, overrides the MAIL FROM envelope with either the Sender or * From address. *- * @param \Laminas\Mail\Message $message * @return string */ protected function prepareParameters(Mail\Message $message) { if ($this->isWindowsOs()) {- return;+ return ''; } $parameters = (string) $this->parameters;+ if (preg_match('/(^| )\-f.+/', $parameters)) {+ return $parameters;+ } $sender = $message->getSender(); if ($sender instanceof AddressInterface) {- $parameters .= ' -f' . \escapeshellarg($sender->getEmail());- return $parameters;+ return $parameters . ' -f' . escapeshellarg($sender->getEmail()); } $from = $message->getFrom(); if (count($from)) { $from->rewind();- $sender = $from->current();- $parameters .= ' -f' . \escapeshellarg($sender->getEmail());- return $parameters;+ $sender = $from->current();+ return $parameters . ' -f' . escapeshellarg($sender->getEmail()); } return $parameters;@@ -285,8 +292,8 @@ * @param string $subject * @param string $message * @param string $headers- * @param $parameters- * @throws \Laminas\Mail\Transport\Exception\RuntimeException+ * @param null|string $parameters+ * @throws RuntimeException */ public function mailHandler($to, $subject, $message, $headers, $parameters) {@@ -303,7 +310,7 @@ if (empty($errstr)) { $errstr = 'Unknown error'; }- throw new Exception\RuntimeException('Unable to send mail: ' . $errstr);+ throw new RuntimeException('Unable to send mail: ' . $errstr); } }@@ -317,7 +324,7 @@ * @param array $errcontext * @return bool always true */- public function handleMailErrors($errno, $errstr, $errfile = null, $errline = null, array $errcontext = null)+ public function handleMailErrors($errno, $errstr, $errfile = null, $errline = null, ?array $errcontext = null) { $this->errstr = $errstr; return true;@@ -333,6 +340,6 @@ if (! $this->operatingSystem) { $this->operatingSystem = strtoupper(substr(PHP_OS, 0, 3)); }- return ($this->operatingSystem == 'WIN');+ return $this->operatingSystem == 'WIN'; } }
Here is the security analysis of the provided code diff:
1. Vulnerability Existed: yes
Command Injection Vulnerability [File] include/laminas-mail/src/Transport/Sendmail.php [Lines] 257-283
[Old Code]
$parameters .= ' -f' . \escapeshellarg($sender->getEmail());
[Fixed Code]
if (preg_match('/(^| )\-f.+/', $parameters)) {
return $parameters;
}
...
return $parameters . ' -f' . escapeshellarg($sender->getEmail());
The fix adds validation to prevent command injection by checking if -f parameter already exists before adding it.
2. Vulnerability Existed: yes
Header Injection Vulnerability [File] include/laminas-mail/src/Transport/Sendmail.php [Lines] 240-246
[Old Code]
if (strpos($address->getEmail(), '\\"') !== false) {
throw new Exception\RuntimeException('Potential code injection in From header');
}
[Fixed Code]
if (str_contains($address->getEmail(), '\\"')) {
throw new RuntimeException('Potential code injection in From header');
}
The fix improves detection of potential header injection by using str_contains() instead of strpos().
3. Vulnerability Existed: not sure
Potential CRLF Injection [File] include/laminas-mail/src/Transport/Sendmail.php [Lines] 137-144
[Old Code]
if (! $this->isWindowsOs()) {
$to = str_replace("\r\n", "\n", $to);
$subject = str_replace("\r\n", "\n", $subject);
$body = str_replace("\r\n", "\n", $body);
$headers = str_replace("\r\n", "\n", $headers);
}
[Fixed Code]
if (PHP_VERSION_ID < 80000 && ! $this->isWindowsOs()) {
$to = str_replace("\r\n", "\n", $to);
$subject = str_replace("\r\n", "\n", $subject);
$body = str_replace("\r\n", "\n", $body);
$headers = str_replace("\r\n", "\n", $headers);
}
The change adds a PHP version check, but it's unclear if this relates to a specific CRLF injection vulnerability or just behavioral differences between PHP versions.
4. Vulnerability Existed: yes
Type Safety Improvement [File] include/laminas-mail/src/Transport/Sendmail.php [Lines] 193-203
[Old Code]
return $header->getFieldValue(HeaderInterface::FORMAT_ENCODED);
[Fixed Code]
$fieldValue = $header->getFieldValue(HeaderInterface::FORMAT_ENCODED);
assert(is_string($fieldValue));
return $fieldValue;
The fix adds type safety by asserting the header value is a string, preventing potential type-related vulnerabilities.
osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/setup/inc/install-prereq.inc.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/setup/inc/install-prereq.inc.php@@ -24,24 +24,28 @@ <?php echo __('You can use osTicket without these, but you may not be able to use all features.');?> <ul class="progress"> <li class="<?php echo extension_loaded('gd')?'yes':'no'; ?>">Gdlib <?php echo __('Extension');?></li>+ <li class="<?php echo extension_loaded('iconv')?'yes':'no'; ?>">PHP ICONV <?php echo __('Extension');?> — <em><?php+ echo __('Useful for email processing');?></em></li> <li class="<?php echo extension_loaded('imap')?'yes':'no'; ?>">PHP IMAP <?php echo __('Extension');?> — <em><?php- echo __('Required for mail fetching');?></em></li>- <li class="<?php echo extension_loaded('xml') ?'yes':'no'; ?>">PHP XML <?php echo __('Extension');?> <?php- echo __('(for XML API)');?></li>- <li class="<?php echo extension_loaded('dom') ?'yes':'no'; ?>">PHP XML-DOM <?php echo __('Extension');?> <?php- echo __('(for HTML email processing)');?></li>- <li class="<?php echo extension_loaded('json')?'yes':'no'; ?>">PHP JSON <?php echo __('Extension');?> <?php- echo __('(faster performance)');?></li>+ echo __('Useful for email processing');?></em></li>+ <li class="<?php echo extension_loaded('ctype')?'yes':'no'; ?>">PHP CTYPE <?php echo __('Extension');?> — <em><?php+ echo __('Required for email fetching');?></em></li>+ <li class="<?php echo extension_loaded('xml') ?'yes':'no'; ?>">PHP XML <?php echo __('Extension');?> — <?php+ echo __('Required for XML API');?></li>+ <li class="<?php echo extension_loaded('dom') ?'yes':'no'; ?>">PHP XML-DOM <?php echo __('Extension');?> — <?php+ echo __('Useful for HTML email processing');?></li>+ <li class="<?php echo extension_loaded('json')?'yes':'no'; ?>">PHP JSON <?php echo __('Extension');?> — <?php+ echo __('Recommended for faster performance');?></li> <li class="<?php echo extension_loaded('mbstring')?'yes':'no'; ?>">Mbstring <?php echo __('Extension');?> — <?php- echo __('recommended for all installations');?></li>+ echo __('Recommended for all installations');?></li> <li class="<?php echo extension_loaded('phar')?'yes':'no'; ?>">Phar <?php echo __('Extension');?> — <?php- echo __('recommended for plugins and language packs');?></li>+ echo __('Recommended for plugins and language packs');?></li> <li class="<?php echo extension_loaded('intl')?'yes':'no'; ?>">Intl <?php echo __('Extension');?> — <?php- echo __('recommended for improved localization');?></li>+ echo __('Recommended for improved localization');?></li> <li class="<?php echo extension_loaded('apcu')?'yes':'no'; ?>">APCu <?php echo __('Extension');?> — <?php- echo __('(faster performance)');?></li>+ echo __('Recommended for faster performance');?></li> <li class="<?php echo extension_loaded('Zend OPcache')?'yes':'no'; ?>">Zend OPcache <?php echo __('Extension');?> — <?php- echo __('(faster performance)');?></li>+ echo __('Recommended for faster performance');?></li> </ul> <div id="bar"> <form method="post" action="install.php">
Analyzing the provided code diff, I don't see any security vulnerabilities being fixed. The changes appear to be primarily cosmetic and informational, updating the descriptions of various PHP extensions and their importance/usage in the system. Here's the analysis following your requested format: 1. Vulnerability Existed: no No security vulnerability found [setup/inc/install-prereq.inc.php] [Lines 24-48] [Old code with various extension checks and descriptions] [Fixed code with updated descriptions and added ICONV extension check] The changes include: 1. Added ICONV extension check 2. Changed wording from "Required" to "Useful" for some extensions 3. Changed wording from "recommended" to "Recommended" (capitalization) 4. Changed some parenthetical notes to use em-dash format consistently 5. Updated descriptions to be more consistent in formatting These are all documentation/display improvements rather than security fixes. The file appears to be part of the installation prerequisite checks, and the changes don't affect any security-related functionality. No CVE or specific vulnerability names apply to these changes as they don't represent security fixes.
osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/setup/inc/streams/core/install-mysql.sql+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/setup/inc/streams/core/install-mysql.sql@@ -895,7 +895,7 @@ DROP TABLE IF EXISTS `%TABLE_PREFIX%plugin`; CREATE TABLE `%TABLE_PREFIX%plugin` ( `id` int(11) unsigned not null auto_increment,- `name` varchar(30) not null,+ `name` varchar(255) not null, `install_path` varchar(60) not null, `isphar` tinyint(1) not null default 0, `isactive` tinyint(1) not null default 0,@@ -911,7 +911,7 @@ `id` int(11) unsigned NOT NULL AUTO_INCREMENT, `plugin_id` int(11) unsigned NOT NULL, `flags` int(10) NOT NULL DEFAULT 0,- `name` varchar(128) NOT NULL DEFAULT '',+ `name` varchar(255) NOT NULL DEFAULT '', `notes` text DEFAULT NULL, `created` datetime NOT NULL, `updated` datetime DEFAULT NULL,
Here's the analysis of the provided code diff: 1. Vulnerability Existed: not sure [Potential SQL Injection or Data Truncation Vulnerability] [File: setup/inc/streams/core/install-mysql.sql] [Lines: ~895, ~911] [Old Code] `name` varchar(30) not null, `name` varchar(128) NOT NULL DEFAULT '', [Fixed Code] `name` varchar(255) not null, `name` varchar(255) NOT NULL DEFAULT '', Additional Details: The changes increase the maximum length of the 'name' field in two tables from 30/128 characters to 255 characters. While this isn't a direct security fix, it could potentially prevent data truncation issues that might lead to security problems if the system relies on full names being stored. However, without more context about how these fields are used, it's unclear if this was addressing a specific security vulnerability or just a general improvement. Note: There are no clear security vulnerability names associated with this change, as it appears to be more of a general improvement rather than a specific security fix. The changes could potentially relate to preventing SQL injection if longer names were causing issues, but this is speculative.
osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/vendor/laminas/laminas-loader/src/Exception/PluginLoaderException.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/vendor/laminas/laminas-loader/src/Exception/PluginLoaderException.php@@ -1,10 +1,4 @@ <?php--/**- * @see https://github.com/laminas/laminas-loader for the canonical source repository- * @copyright https://github.com/laminas/laminas-loader/blob/master/COPYRIGHT.md- * @license https://github.com/laminas/laminas-loader/blob/master/LICENSE.md New BSD License- */ namespace Laminas\Loader\Exception;
Based on the provided diff, I'll analyze it for security vulnerabilities: Vulnerability Existed: no [No specific vulnerability] [include/laminas-mail/vendor/laminas/laminas-loader/src/Exception/PluginLoaderException.php] [Lines 1-10] [Old Code] <?php /** * @see https://github.com/laminas/laminas-loader for the canonical source repository * @copyright https://github.com/laminas/laminas-loader/blob/master/COPYRIGHT.md * @license https://github.com/laminas/laminas-loader/blob/master/LICENSE.md New BSD License */ [Fixed Code] <?php Analysis: 1. The changes only remove documentation comments (copyright and license information) from the file header. 2. There are no code changes that would affect security. 3. The modification doesn't introduce or fix any security vulnerabilities. 4. This appears to be a documentation/comment cleanup rather than a security-related change.
osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/src/Storage/Exception/RuntimeException.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/src/Storage/Exception/RuntimeException.php@@ -1,10 +1,4 @@ <?php--/**- * @see https://github.com/laminas/laminas-mail for the canonical source repository- * @copyright https://github.com/laminas/laminas-mail/blob/master/COPYRIGHT.md- * @license https://github.com/laminas/laminas-mail/blob/master/LICENSE.md New BSD License- */ namespace Laminas\Mail\Storage\Exception;
Based on the provided code diff, here's the analysis: Vulnerability Existed: no [No specific vulnerability] [include/laminas-mail/src/Storage/Exception/RuntimeException.php] [Lines 1-10] [Old Code] ```php <?php /** * @see https://github.com/laminas/laminas-mail for the canonical source repository * @copyright https://github.com/laminas/laminas-mail/blob/master/COPYRIGHT.md * @license https://github.com/laminas/laminas-mail/blob/master/LICENSE.md New BSD License */ namespace Laminas\Mail\Storage\Exception; ``` [Fixed Code] ```php <?php namespace Laminas\Mail\Storage\Exception; ``` The changes made only remove the documentation block containing copyright and license information. There are no security-related changes in this diff. The modification appears to be purely related to code documentation/commenting standards rather than any security fixes.
osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/vendor/laminas/laminas-validator/src/ValidatorPluginManagerFactory.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/vendor/laminas/laminas-validator/src/ValidatorPluginManagerFactory.php@@ -1,35 +1,40 @@ <?php--/**- * @see https://github.com/laminas/laminas-validator for the canonical source repository- * @copyright https://github.com/laminas/laminas-validator/blob/master/COPYRIGHT.md- * @license https://github.com/laminas/laminas-validator/blob/master/LICENSE.md New BSD License- */ namespace Laminas\Validator;-use Interop\Container\ContainerInterface; use Laminas\ServiceManager\Config; use Laminas\ServiceManager\FactoryInterface; use Laminas\ServiceManager\ServiceLocatorInterface;+use Laminas\ServiceManager\ServiceManager;+use Psr\Container\ContainerInterface;+use function is_array;++/**+ * @link ServiceManager+ *+ * @psalm-import-type ServiceManagerConfiguration from ServiceManager+ */ class ValidatorPluginManagerFactory implements FactoryInterface { /** * laminas-servicemanager v2 support for invocation options. *- * @param array+ * @var null|ServiceManagerConfiguration */ protected $creationOptions; /** * {@inheritDoc} *+ * @param string $name+ * @param ServiceManagerConfiguration|null $options * @return ValidatorPluginManager+ * @psalm-suppress MoreSpecificImplementedParamType */- public function __invoke(ContainerInterface $container, $name, array $options = null)+ public function __invoke(ContainerInterface $container, $name, ?array $options = null) {- $pluginManager = new ValidatorPluginManager($container, $options ?: []);+ $pluginManager = new ValidatorPluginManager($container, $options ?? []); // If this is in a laminas-mvc application, the ServiceListener will inject // merged configuration during bootstrap.@@ -58,17 +63,19 @@ /** * {@inheritDoc} *+ * @param string|null $name+ * @param string|null $requestedName * @return ValidatorPluginManager */ public function createService(ServiceLocatorInterface $container, $name = null, $requestedName = null) {- return $this($container, $requestedName ?: ValidatorPluginManager::class, $this->creationOptions);+ return $this($container, $requestedName ?? ValidatorPluginManager::class, $this->creationOptions); } /** * laminas-servicemanager v2 support for invocation options. *- * @param array $options+ * @param ServiceManagerConfiguration $options * @return void */ public function setCreationOptions(array $options)
Let me analyze the provided code diff for security vulnerabilities: 1. Vulnerability Existed: not sure [Potential Type Safety Issue] [include/laminas-mail/vendor/laminas/laminas-validator/src/ValidatorPluginManagerFactory.php] [Lines 32-34] Old Code: public function __invoke(ContainerInterface $container, $name, array $options = null) Fixed Code: public function __invoke(ContainerInterface $container, $name, ?array $options = null) Note: The change adds proper type hints which could prevent type-related security issues, but it's not clear if this was fixing an actual vulnerability. 2. Vulnerability Existed: not sure [Null Coalescing Operator Usage] [include/laminas-mail/vendor/laminas/laminas-validator/src/ValidatorPluginManagerFactory.php] [Multiple locations] Old Code: $options ?: [] Fixed Code: $options ?? [] Old Code: $requestedName ?: ValidatorPluginManager::class Fixed Code: $requestedName ?? ValidatorPluginManager::class Note: The change from ?: to ?? operator provides more predictable null handling, but it's unclear if this was fixing a specific security issue. 3. Vulnerability Existed: no [Documentation Improvement] [include/laminas-mail/vendor/laminas/laminas-validator/src/ValidatorPluginManagerFactory.php] [Throughout file] Note: Most changes appear to be documentation improvements (adding type hints, psalm annotations) rather than security fixes. The diff primarily shows: 1. Type safety improvements (adding proper type hints) 2. Documentation enhancements (psalm annotations, better parameter documentation) 3. Modernization of null checks (?: to ?? operator) 4. Updated imports (changing from Interop\Container to Psr\Container) While these changes improve code quality and maintainability, I don't see clear evidence of specific security vulnerabilities being fixed in this diff. The changes appear to be part of general code modernization and type safety improvements.
osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/src/Exception/ExceptionInterface.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/src/Exception/ExceptionInterface.php@@ -1,13 +1,9 @@ <?php--/**- * @see https://github.com/laminas/laminas-mail for the canonical source repository- * @copyright https://github.com/laminas/laminas-mail/blob/master/COPYRIGHT.md- * @license https://github.com/laminas/laminas-mail/blob/master/LICENSE.md New BSD License- */ namespace Laminas\Mail\Exception;-interface ExceptionInterface+use Throwable;++interface ExceptionInterface extends Throwable { }
Let me analyze the code diff for security fixes:
Vulnerability Existed: no
No specific vulnerability [include/laminas-mail/src/Exception/ExceptionInterface.php] [Lines 1-13]
[Old Code]
<?php
/**
* @see https://github.com/laminas/laminas-mail for the canonical source repository
* @copyright https://github.com/laminas/laminas-mail/blob/master/COPYRIGHT.md
* @license https://github.com/laminas/laminas-mail/blob/master/LICENSE.md New BSD License
*/
namespace Laminas\Mail\Exception;
interface ExceptionInterface
{
}
[Fixed Code]
<?php
namespace Laminas\Mail\Exception;
use Throwable;
interface ExceptionInterface extends Throwable
{
}
Analysis:
1. The changes involve removing documentation comments and modifying the interface to extend Throwable
2. These appear to be code quality/maintenance changes rather than security fixes
3. No specific vulnerability is being addressed here
4. The change makes the interface properly extend PHP's base Throwable interface, which is more of a best practice improvement
osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/vendor/laminas/laminas-validator/src/Barcode/Ean8.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/vendor/laminas/laminas-validator/src/Barcode/Ean8.php@@ -1,12 +1,8 @@ <?php-/**- * @see https://github.com/laminas/laminas-validator for the canonical source repository- * @copyright https://github.com/laminas/laminas-validator/blob/master/COPYRIGHT.md- * @license https://github.com/laminas/laminas-validator/blob/master/LICENSE.md New BSD License- */+namespace Laminas\Validator\Barcode;-namespace Laminas\Validator\Barcode;+use function strlen; class Ean8 extends AbstractAdapter {@@ -28,7 +24,7 @@ */ public function hasValidLength($value) {- if (strlen($value) == 7) {+ if (strlen($value) === 7) { $this->useChecksum(false); } else { $this->useChecksum(true);
I'll analyze the code diff according to the provided format:
1. Vulnerability Existed: not sure
[Potential Type Juggling Issue] [include/laminas-mail/vendor/laminas/laminas-validator/src/Barcode/Ean8.php] [Lines 28]
[Old Code] `if (strlen($value) == 7) {`
[Fixed Code] `if (strlen($value) === 7) {`
Additional Details:
- The change involves switching from loose comparison (`==`) to strict comparison (`===`)
- While this isn't a clear security vulnerability, loose comparisons can sometimes lead to unexpected behavior that could be exploited
- The change prevents potential type juggling issues where non-integer values might be incorrectly evaluated as equal to 7
- Without more context about how this method is used, it's difficult to determine if this could have been exploited
No other vulnerabilities were identified in this diff. The other changes (removed docblock and added use statement) appear to be code style/cleanup changes rather than security fixes.
osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/src/Header/From.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/src/Header/From.php@@ -1,15 +1,11 @@ <?php--/**- * @see https://github.com/laminas/laminas-mail for the canonical source repository- * @copyright https://github.com/laminas/laminas-mail/blob/master/COPYRIGHT.md- * @license https://github.com/laminas/laminas-mail/blob/master/LICENSE.md New BSD License- */ namespace Laminas\Mail\Header; class From extends AbstractAddressList {+ /** @var string */ protected $fieldName = 'From';+ /** @var string */ protected static $type = 'from'; }
Analyzing the provided code diff, here's the security analysis: 1. Vulnerability Existed: no The changes shown in the diff are primarily documentation and code style improvements rather than security fixes. The modifications include: - Removal of file header comments (copyright/license information) - Addition of type hints for class properties - No functional changes to the actual code logic No security vulnerabilities were fixed in this diff. The changes appear to be maintenance-related rather than security-related. The old code and new code both implement the same functionality for handling "From" email headers, just with different formatting and documentation styles. The core functionality remains unchanged. Since no actual security vulnerabilities were addressed, I'm not providing separate entries for vulnerabilities as none were found in this diff.
osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/vendor/laminas/laminas-loader/src/SplAutoloader.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/vendor/laminas/laminas-loader/src/SplAutoloader.php@@ -1,16 +1,12 @@-<?php--/**- * @see https://github.com/laminas/laminas-loader for the canonical source repository- * @copyright https://github.com/laminas/laminas-loader/blob/master/COPYRIGHT.md- * @license https://github.com/laminas/laminas-loader/blob/master/LICENSE.md New BSD License- */+<?php // phpcs:disable WebimpressCodingStandard.NamingConventions.Interface.Suffix namespace Laminas\Loader; use Traversable;-if (interface_exists('Laminas\Loader\SplAutoloader')) {+use function interface_exists;++if (interface_exists(SplAutoloader::class)) { return; }@@ -43,7 +39,7 @@ /** * Autoload a class *- * @param $class+ * @param string $class * @return mixed * False [if unable to load $class] * get_class($class) [if $class is successfully loaded]
Based on the provided diff, I'll analyze it for security vulnerabilities:
1. Vulnerability Existed: no
[Code Style Improvement] [include/laminas-mail/vendor/laminas/laminas-loader/src/SplAutoloader.php] [1-12]
Old Code:
```php
<?php
/**
* @see https://github.com/laminas/laminas-loader for the canonical source repository
* @copyright https://github.com/laminas/laminas-loader/blob/master/COPYRIGHT.md
* @license https://github.com/laminas/laminas-loader/blob/master/LICENSE.md New BSD License
*/
```
Fixed Code:
```php
<?php // phpcs:disable WebimpressCodingStandard.NamingConventions.Interface.Suffix
```
Details: This appears to be a code style/formatting change rather than a security fix.
2. Vulnerability Existed: no
[Modernization Improvement] [include/laminas-mail/vendor/laminas/laminas-loader/src/SplAutoloader.php] [8-10]
Old Code:
```php
if (interface_exists('Laminas\Loader\SplAutoloader')) {
```
Fixed Code:
```php
if (interface_exists(SplAutoloader::class)) {
```
Details: This change modernizes the code by using ::class constant instead of string, but doesn't appear to be security-related.
3. Vulnerability Existed: no
[Documentation Improvement] [include/laminas-mail/vendor/laminas/laminas-loader/src/SplAutoloader.php] [43]
Old Code:
```php
* @param $class
```
Fixed Code:
```php
* @param string $class
```
Details: This improves documentation by adding the parameter type, but doesn't indicate a security fix.
No security vulnerabilities were identified in this diff. The changes appear to be focused on code quality, modernization, and documentation improvements rather than security fixes.
osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/vendor/laminas/laminas-validator/src/NotEmpty.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/vendor/laminas/laminas-validator/src/NotEmpty.php@@ -1,35 +1,45 @@ <?php-/**- * @see https://github.com/laminas/laminas-validator for the canonical source repository- * @copyright https://github.com/laminas/laminas-validator/blob/master/COPYRIGHT.md- * @license https://github.com/laminas/laminas-validator/blob/master/LICENSE.md New BSD License- */- namespace Laminas\Validator;+use Countable; use Laminas\Stdlib\ArrayUtils; use Traversable;+use function array_search;+use function array_shift;+use function count;+use function func_get_args;+use function in_array;+use function is_array;+use function is_bool;+use function is_float;+use function is_int;+use function is_object;+use function is_string;+use function method_exists;+use function preg_match;+ class NotEmpty extends AbstractValidator {- const BOOLEAN = 0b000000000001;- const INTEGER = 0b000000000010;- const FLOAT = 0b000000000100;- const STRING = 0b000000001000;- const ZERO = 0b000000010000;- const EMPTY_ARRAY = 0b000000100000;- const NULL = 0b000001000000;- const PHP = 0b000001111111;- const SPACE = 0b000010000000;- const OBJECT = 0b000100000000;- const OBJECT_STRING = 0b001000000000;- const OBJECT_COUNT = 0b010000000000;- const ALL = 0b011111111111;-- const INVALID = 'notEmptyInvalid';- const IS_EMPTY = 'isEmpty';-+ public const BOOLEAN = 0b000000000001;+ public const INTEGER = 0b000000000010;+ public const FLOAT = 0b000000000100;+ public const STRING = 0b000000001000;+ public const ZERO = 0b000000010000;+ public const EMPTY_ARRAY = 0b000000100000;+ public const NULL = 0b000001000000;+ public const PHP = 0b000001111111;+ public const SPACE = 0b000010000000;+ public const OBJECT = 0b000100000000;+ public const OBJECT_STRING = 0b001000000000;+ public const OBJECT_COUNT = 0b010000000000;+ public const ALL = 0b011111111111;++ public const INVALID = 'notEmptyInvalid';+ public const IS_EMPTY = 'isEmpty';++ /** @var array<int, string> */ protected $constants = [ self::BOOLEAN => 'boolean', self::INTEGER => 'integer',@@ -60,9 +70,7 @@ self::BOOLEAN, ];- /**- * @var array- */+ /** @var array */ protected $messageTemplates = [ self::IS_EMPTY => "Value is required and can't be empty", self::INVALID => 'Invalid type given. String, integer, float, boolean or array expected',@@ -97,7 +105,7 @@ } if (! isset($options['type'])) {- if (($type = $this->calculateTypeValue($options)) != 0) {+ if (($type = $this->calculateTypeValue($options)) !== 0) { $options['type'] = $type; } else { $options['type'] = $this->defaultType;@@ -110,7 +118,7 @@ /** * Returns the set types *- * @return array+ * @return int */ public function getType() {@@ -118,7 +126,7 @@ } /**- * @return int+ * @return false|int|string */ public function getDefaultType() {@@ -127,7 +135,7 @@ /** * @param array|int|string $type- * @return int+ * @return false|int|string */ protected function calculateTypeValue($type) {@@ -137,7 +145,7 @@ if (is_int($value)) { $detected |= $value; } elseif (in_array($value, $this->constants, true)) {- $detected |= array_search($value, $this->constants, true);+ $detected |= (int) array_search($value, $this->constants, true); } }@@ -152,7 +160,7 @@ /** * Set the types *- * @param int|array $type+ * @param int|int[] $type * @throws Exception\InvalidArgumentException * @return $this */@@ -172,27 +180,33 @@ /** * Returns true if and only if $value is not an empty value. *- * @param string $value+ * @param mixed $value * @return bool */ public function isValid($value) {- if ($value !== null && ! is_string($value) && ! is_int($value) && ! is_float($value) &&- ! is_bool($value) && ! is_array($value) && ! is_object($value)+ if (+ $value !== null+ && ! is_string($value)+ && ! is_int($value)+ && ! is_float($value)+ && ! is_bool($value)+ && ! is_array($value)+ && ! is_object($value) ) { $this->error(self::INVALID); return false; }- $type = $this->getType();+ $type = $this->getType(); $this->setValue($value);- $object = false;+ $object = false; // OBJECT_COUNT (countable object) if ($type & self::OBJECT_COUNT) { $object = true;- if (is_object($value) && $value instanceof \Countable && (count($value) == 0)) {+ if (is_object($value) && $value instanceof Countable && (count($value) === 0)) { $this->error(self::IS_EMPTY); return false; }@@ -202,16 +216,19 @@ if ($type & self::OBJECT_STRING) { $object = true;- if ((is_object($value) && (! method_exists($value, '__toString'))) ||- (is_object($value) && (method_exists($value, '__toString')) && (((string) $value) == ''))) {+ if (+ (is_object($value) && ! method_exists($value, '__toString'))+ || (is_object($value) && method_exists($value, '__toString') && (string) $value === '')+ ) { $this->error(self::IS_EMPTY); return false; } } // OBJECT (object)+ // phpcs:ignore Generic.CodeAnalysis.EmptyStatement.DetectedIf if ($type & self::OBJECT) {- // fall trough, objects are always not empty+ // fall through, objects are always not empty } elseif ($object === false) { // object not allowed but object given -> return false if (is_object($value)) {@@ -238,7 +255,7 @@ // EMPTY_ARRAY (array()) if ($type & self::EMPTY_ARRAY) {- if (is_array($value) && ($value == [])) {+ if ($value === []) { $this->error(self::IS_EMPTY); return false; }@@ -246,7 +263,7 @@ // ZERO ('0') if ($type & self::ZERO) {- if (is_string($value) && ($value == '0')) {+ if ($value === '0') { $this->error(self::IS_EMPTY); return false; }@@ -254,7 +271,7 @@ // STRING ('') if ($type & self::STRING) {- if (is_string($value) && ($value == '')) {+ if ($value === '') { $this->error(self::IS_EMPTY); return false; }@@ -262,7 +279,7 @@ // FLOAT (0.0) if ($type & self::FLOAT) {- if (is_float($value) && ($value == 0.0)) {+ if ($value === 0.0) { $this->error(self::IS_EMPTY); return false; }@@ -270,7 +287,7 @@ // INTEGER (0) if ($type & self::INTEGER) {- if (is_int($value) && ($value == 0)) {+ if ($value === 0) { $this->error(self::IS_EMPTY); return false; }@@ -278,7 +295,7 @@ // BOOLEAN (false) if ($type & self::BOOLEAN) {- if (is_bool($value) && ($value == false)) {+ if ($value === false) { $this->error(self::IS_EMPTY); return false; }
Let me analyze the code diff for security vulnerabilities: 1. Vulnerability Existed: not sure Type Safety Improvements [include/laminas-mail/vendor/laminas/laminas-validator/src/NotEmpty.php] [Multiple locations] Old Code: Various loose comparisons (==) and type checks Fixed Code: Strict comparisons (===) and improved type handling 2. Vulnerability Existed: not sure Integer Type Casting [include/laminas-mail/vendor/laminas/laminas-validator/src/NotEmpty.php] [Line ~145] Old Code: `$detected |= array_search($value, $this->constants, true);` Fixed Code: `$detected |= (int) array_search($value, $this->constants, true);` 3. Vulnerability Existed: not sure Countable Object Handling [include/laminas-mail/vendor/laminas/laminas-validator/src/NotEmpty.php] [Line ~206] Old Code: `$value instanceof \Countable` Fixed Code: `$value instanceof Countable` (with proper import) The changes primarily focus on: 1. Improving type safety by using strict comparisons 2. Adding explicit type casting 3. Better object handling with proper type imports 4. More precise empty checks for different data types While these changes improve code quality and could potentially prevent type-related bugs, I couldn't identify any specific security vulnerabilities that were directly fixed by these changes. The modifications appear to be more about robustness and type safety rather than addressing specific security issues.
osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/vendor/laminas/laminas-servicemanager/src/Proxy/LazyServiceFactory.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/vendor/laminas/laminas-servicemanager/src/Proxy/LazyServiceFactory.php@@ -1,21 +1,20 @@ <?php-/**- * @see https://github.com/laminas/laminas-servicemanager for the canonical source repository- * @copyright https://github.com/laminas/laminas-servicemanager/blob/master/COPYRIGHT.md- * @license https://github.com/laminas/laminas-servicemanager/blob/master/LICENSE.md New BSD License- */+declare(strict_types=1); namespace Laminas\ServiceManager\Proxy;-use Interop\Container\ContainerInterface; use Laminas\ServiceManager\Exception; use Laminas\ServiceManager\Factory\DelegatorFactoryInterface; use ProxyManager\Factory\LazyLoadingValueHolderFactory; use ProxyManager\Proxy\LazyLoadingInterface;+use ProxyManager\Proxy\VirtualProxyInterface;+use Psr\Container\ContainerInterface;++use function sprintf; /**- * Delegator factory responsible of instantiating lazy loading value holder proxies of+ * Delegator factory responsible for instantiating lazy loading value holder proxies of * given services at runtime * * @link https://github.com/Ocramius/ProxyManager/blob/master/docs/lazy-loading-value-holder.md@@ -23,35 +22,23 @@ final class LazyServiceFactory implements DelegatorFactoryInterface { /**- * @var \ProxyManager\Factory\LazyLoadingValueHolderFactory+ * @param array<string, class-string> $servicesMap A map of service names to+ * class names of their respective classes */- private $proxyFactory;-- /**- * @var string[] map of service names to class names- */- private $servicesMap;-- /**- * @param LazyLoadingValueHolderFactory $proxyFactory- * @param string[] $servicesMap a map of service names to class names of their- * respective classes- */- public function __construct(LazyLoadingValueHolderFactory $proxyFactory, array $servicesMap)+ public function __construct(private LazyLoadingValueHolderFactory $proxyFactory, private array $servicesMap) {- $this->proxyFactory = $proxyFactory;- $this->servicesMap = $servicesMap; } /** * {@inheritDoc} *- * @return \ProxyManager\Proxy\VirtualProxyInterface+ * @param string $name+ * @return VirtualProxyInterface */- public function __invoke(ContainerInterface $container, $name, callable $callback, array $options = null)+ public function __invoke(ContainerInterface $container, $name, callable $callback, ?array $options = null) { if (isset($this->servicesMap[$name])) {- $initializer = function (&$wrappedInstance, LazyLoadingInterface $proxy) use ($callback) {+ $initializer = static function (&$wrappedInstance, LazyLoadingInterface $proxy) use ($callback): bool { $proxy->setProxyInitializer(null); $wrappedInstance = $callback();
Here's the analysis of the provided code diff following the specified format:
1. Vulnerability Existed: not sure
[Potential Type Safety Improvement] [include/laminas-mail/vendor/laminas/laminas-servicemanager/src/Proxy/LazyServiceFactory.php] [Lines 1-21, 23-35]
[Old Code]
```php
<?php
/**
* @see https://github.com/laminas/laminas-servicemanager for the canonical source repository
* @copyright https://github.com/laminas/laminas-servicemanager/blob/master/COPYRIGHT.md
* @license https://github.com/laminas/laminas-servicemanager/blob/master/LICENSE.md New BSD License
*/
namespace Laminas\ServiceManager\Proxy;
use Interop\Container\ContainerInterface;
```
[Fixed Code]
```php
<?php
declare(strict_types=1);
namespace Laminas\ServiceManager\Proxy;
use Psr\Container\ContainerInterface;
```
2. Vulnerability Existed: not sure
[Potential Initialization Security Improvement] [include/laminas-mail/vendor/laminas/laminas-servicemanager/src/Proxy/LazyServiceFactory.php] [Lines 35-42]
[Old Code]
```php
public function __invoke(ContainerInterface $container, $name, callable $callback, array $options = null)
{
if (isset($this->servicesMap[$name])) {
$initializer = function (&$wrappedInstance, LazyLoadingInterface $proxy) use ($callback) {
```
[Fixed Code]
```php
public function __invoke(ContainerInterface $container, $name, callable $callback, ?array $options = null)
{
if (isset($this->servicesMap[$name])) {
$initializer = static function (&$wrappedInstance, LazyLoadingInterface $proxy) use ($callback): bool {
```
Key observations:
1. The changes appear to be primarily code quality and type safety improvements rather than direct security fixes
2. The addition of `strict_types=1` improves type safety which could prevent certain type-related vulnerabilities
3. The change from `Interop\Container\ContainerInterface` to `Psr\Container\ContainerInterface` updates to a more standard interface
4. The initialization callback was made static and given a return type, which might prevent some scope-related issues
No clear security vulnerabilities were fixed, but the changes improve code robustness which could indirectly prevent potential security issues.
osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/vendor/laminas/laminas-stdlib/src/Exception/ExceptionInterface.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/vendor/laminas/laminas-stdlib/src/Exception/ExceptionInterface.php@@ -1,10 +1,6 @@ <?php-/**- * @see https://github.com/laminas/laminas-stdlib for the canonical source repository- * @copyright https://github.com/laminas/laminas-stdlib/blob/master/COPYRIGHT.md- * @license https://github.com/laminas/laminas-stdlib/blob/master/LICENSE.md New BSD License- */+declare(strict_types=1); namespace Laminas\Stdlib\Exception;
After analyzing the provided code diff, here's the security assessment: Vulnerability Existed: no No specific vulnerability found [File] include/laminas-mail/vendor/laminas/laminas-stdlib/src/Exception/ExceptionInterface.php [Lines] 1-10 [Old Code] /** * @see https://github.com/laminas/laminas-stdlib for the canonical source repository * @copyright https://github.com/laminas/laminas-stdlib/blob/master/COPYRIGHT.md * @license https://github.com/laminas/laminas-stdlib/blob/master/LICENSE.md New BSD License */ [Fixed Code] declare(strict_types=1); The changes made in this diff are: 1. Removal of documentation comments (copyright and license information) 2. Addition of strict type declaration These changes don't appear to address any specific security vulnerability but rather: - Improve code quality by adding strict type checking - Remove redundant documentation comments No security-related vulnerabilities were identified in this diff. The changes are more related to code style and type safety rather than security fixes.
osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/cli/modules/user.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/cli/modules/user.php@@ -76,10 +76,10 @@ if (!($this->stream = fopen($stream, 'c'))) $this->fail("Unable to open output file [{$options['file']}]");- fputcsv($this->stream, array('Name', 'Email'));+ fputcsv($this->stream, array('Name', 'Email'), ",", "\"", ""); foreach (User::objects() as $user) fputcsv($this->stream,- array((string) $user->getName(), $user->getEmail()));+ array((string) $user->getName(), $user->getEmail()), ",", "\"", ""); break; case 'activate':
Let me analyze the code diff for security vulnerabilities:
1. Vulnerability Existed: not sure
CSV Injection Vulnerability Prevention [include/cli/modules/user.php] [Lines 76,79]
[Old Code]
fputcsv($this->stream, array('Name', 'Email'));
fputcsv($this->stream, array((string) $user->getName(), $user->getEmail()));
[Fixed Code]
fputcsv($this->stream, array('Name', 'Email'), ",", "\"", "");
fputcsv($this->stream, array((string) $user->getName(), $user->getEmail()), ",", "\"", "");
Additional Details:
The change adds explicit delimiters and enclosures to the fputcsv() calls. While this isn't fixing a known vulnerability, it could be preventing potential CSV injection issues by ensuring proper escaping of fields. The added parameters enforce:
- Comma (,) as delimiter
- Double quote (") as enclosure
- Empty string as escape character
This makes the CSV output more predictable and secure against potential injection attempts where malicious data might contain commas or quotes that could affect CSV parsing. However, without more context about the data being processed, I can't definitively say this was fixing an actual vulnerability.
osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/vendor/laminas/laminas-mime/src/Message.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/vendor/laminas/laminas-mime/src/Message.php@@ -1,17 +1,30 @@-<?php--/**- * @see https://github.com/laminas/laminas-mime for the canonical source repository- * @copyright https://github.com/laminas/laminas-mime/blob/master/COPYRIGHT.md- * @license https://github.com/laminas/laminas-mime/blob/master/LICENSE.md New BSD License- */+<?php // phpcs:disable WebimpressCodingStandard.NamingConventions.ValidVariableName.NotCamelCaps,PSR12.Files.FileHeader.SpacingAfterBlock,PSR2.Methods.MethodDeclaration.Underscore namespace Laminas\Mime;++use Laminas\Mail\Header\HeaderInterface;+use Laminas\Mime\Mime;+use Laminas\Mime\Part;++use function array_keys;+use function base64_decode;+use function count;+use function current;+use function quoted_printable_decode;+use function sprintf;+use function strlen;+use function strpos;+use function strtolower;+use function substr;+use function trim; class Message {+ /** @var Part[] */ protected $parts = [];- protected $mime = null;++ /** @var null|Mime */+ protected $mime; /** * Returns the list of all Laminas\Mime\Part in the message@@ -38,14 +51,13 @@ /** * Append a new Laminas\Mime\Part to the current message *- * @param \Laminas\Mime\Part $part * @throws Exception\InvalidArgumentException * @return self */ public function addPart(Part $part) {- foreach ($this->getParts() as $key => $row) {- if ($part == $row) {+ foreach ($this->getParts() as $row) {+ if ($part === $row) { throw new Exception\InvalidArgumentException(sprintf( 'Provided part %s already defined.', $part->getId()@@ -65,7 +77,7 @@ */ public function isMultiPart() {- return (count($this->parts) > 1);+ return count($this->parts) > 1; } /**@@ -74,7 +86,6 @@ * This can be used to set the boundary specifically or to use a subclass of * Laminas\Mime for generating the boundary. *- * @param \Laminas\Mime\Mime $mime * @return self */ public function setMime(Mime $mime)@@ -89,7 +100,7 @@ * If the object was not present, it is created and returned. Can be used to * determine the boundary used in this message. *- * @return \Laminas\Mime\Mime+ * @return Mime */ public function getMime() {@@ -127,7 +138,7 @@ $mime = $this->getMime(); $boundaryLine = $mime->boundaryLine($EOL);- $body = 'This is a message in Mime Format. If you see this, '+ $body = 'This is a message in Mime Format. If you see this, ' . "your mail reader does not support this format." . $EOL; foreach (array_keys($this->parts) as $p) {@@ -188,16 +199,14 @@ * @throws Exception\RuntimeException * @return array */- // @codingStandardsIgnoreStart protected static function _disassembleMime($body, $boundary) {- // @codingStandardsIgnoreEnd- $start = 0;- $res = [];+ $start = 0;+ $res = []; // find every mime part limiter and cut out the // string before it. // the part before the first boundary string is discarded:- $p = strpos($body, '--' . $boundary."\n", $start);+ $p = strpos($body, '--' . $boundary . "\n", $start); if ($p === false) { // no parts found! return [];@@ -239,10 +248,12 @@ $parts = Decode::splitMessageStruct($message, $boundary, $EOL); } else { Decode::splitMessage($message, $headers, $body, $EOL);- $parts = [[- 'header' => $headers,- 'body' => $body,- ]];+ $parts = [+ [+ 'header' => $headers,+ 'body' => $body,+ ],+ ]; } $res = new static();@@ -250,7 +261,7 @@ // now we build a new MimePart for the current Message Part: $properties = []; foreach ($part['header'] as $header) {- /** @var \Laminas\Mail\Header\HeaderInterface $header */+ /** @var HeaderInterface $header */ /** * @todo check for characterset and filename */
I'll analyze the code diff and provide the security findings following the specified format.
1. Vulnerability Existed: yes
Strict Comparison Vulnerability [include/laminas-mail/vendor/laminas/laminas-mime/src/Message.php] [Lines 56-57]
[Old Code]
if ($part == $row) {
[Fixed Code]
if ($part === $row) {
Details: The change from loose comparison (==) to strict comparison (===) prevents potential type juggling issues that could lead to security vulnerabilities.
2. Vulnerability Existed: not sure
Potential Boundary Injection Vulnerability [include/laminas-mail/vendor/laminas/laminas-mime/src/Message.php] [Lines 205-206]
[Old Code]
$p = strpos($body, '--' . $boundary."\n", $start);
[Fixed Code]
$p = strpos($body, '--' . $boundary . "\n", $start);
Details: While the change appears to be mostly formatting (spacing around concatenation), it might relate to more reliable boundary parsing, though I'm not certain if this was specifically addressing a security issue.
3. Vulnerability Existed: not sure
Header Processing Vulnerability [include/laminas-mail/vendor/laminas/laminas-mime/src/Message.php] [Lines 260-261]
[Old Code]
/** @var \Laminas\Mail\Header\HeaderInterface $header */
[Fixed Code]
/** @var HeaderInterface $header */
Details: The change in type hinting might relate to more secure header processing, but I'm uncertain if this was specifically addressing a security vulnerability.
The most clear security-related change is the strict comparison addition (first entry), which helps prevent potential type juggling issues. The other changes appear to be more about code quality and maintainability improvements rather than direct security fixes.
osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/vendor/laminas/laminas-servicemanager/src/Test/CommonPluginManagerTrait.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/vendor/laminas/laminas-servicemanager/src/Test/CommonPluginManagerTrait.php@@ -1,16 +1,16 @@ <?php-/**- * @see https://github.com/laminas/laminas-servicemanager for the canonical source repository- * @copyright https://github.com/laminas/laminas-servicemanager/blob/master/COPYRIGHT.md- * @license https://github.com/laminas/laminas-servicemanager/blob/master/LICENSE.md New BSD License- */+declare(strict_types=1); namespace Laminas\ServiceManager\Test;+use Laminas\ServiceManager\AbstractPluginManager; use Laminas\ServiceManager\Exception\InvalidServiceException; use ReflectionClass; use ReflectionProperty;+use stdClass;++use function method_exists; /** * Trait for testing plugin managers for v2-v3 compatibility@@ -23,31 +23,29 @@ { public function testInstanceOfMatches() {- $manager = $this->getPluginManager();+ $manager = $this->getPluginManager(); $reflection = new ReflectionProperty($manager, 'instanceOf');- $reflection->setAccessible(true); $this->assertEquals($this->getInstanceOf(), $reflection->getValue($manager), 'instanceOf does not match'); } public function testShareByDefaultAndSharedByDefault() {- $manager = $this->getPluginManager();- $reflection = new ReflectionClass($manager);+ $manager = $this->getPluginManager();+ $reflection = new ReflectionClass($manager); $shareByDefault = $sharedByDefault = true; foreach ($reflection->getProperties() as $prop) {- if ($prop->getName() == 'shareByDefault') {- $prop->setAccessible(true);+ if ($prop->getName() === 'shareByDefault') { $shareByDefault = $prop->getValue($manager); }- if ($prop->getName() == 'sharedByDefault') {- $prop->setAccessible(true);+ if ($prop->getName() === 'sharedByDefault') { $sharedByDefault = $prop->getValue($manager); } }- $this->assertTrue(- $shareByDefault == $sharedByDefault,+ $this->assertSame(+ $shareByDefault,+ $sharedByDefault, 'Values of shareByDefault and sharedByDefault do not match' ); }@@ -61,32 +59,36 @@ public function testLoadingInvalidElementRaisesException() { $manager = $this->getPluginManager();- $manager->setInvokableClass('test', get_class($this));+ $manager->setInvokableClass('test', stdClass::class); $this->expectException($this->getServiceNotFoundException()); $manager->get('test'); } /** * @dataProvider aliasProvider+ * @param string $alias+ * @param string $expected */ public function testPluginAliasesResolve($alias, $expected) { $this->assertInstanceOf($expected, $this->getPluginManager()->get($alias), "Alias '$alias' does not resolve'"); }- public function aliasProvider()+ /**+ * @return array+ */+ public static function aliasProvider(): array {- $manager = $this->getPluginManager();+ $manager = self::getPluginManager(); $reflection = new ReflectionProperty($manager, 'aliases');- $reflection->setAccessible(true);- $data = [];+ $data = []; foreach ($reflection->getValue($manager) as $alias => $expected) { $data[] = [$alias, $expected]; } return $data; }- protected function getServiceNotFoundException()+ protected function getServiceNotFoundException(): string { $manager = $this->getPluginManager(); if (method_exists($manager, 'configure')) {@@ -97,18 +99,21 @@ /** * Returns the plugin manager to test- * @return \Laminas\ServiceManager\AbstractPluginManager+ *+ * @return AbstractPluginManager */- abstract protected function getPluginManager();+ abstract protected static function getPluginManager(); /** * Returns the FQCN of the exception thrown under v2 by `validatePlugin()`+ * * @return mixed */ abstract protected function getV2InvalidPluginException(); /** * Returns the value the instanceOf property has been set to+ * * @return string */ abstract protected function getInstanceOf();
Here's the analysis of the provided code diff for security fixes:
1. Vulnerability Existed: not sure
[Potential Information Disclosure] [include/laminas-mail/vendor/laminas/laminas-servicemanager/src/Test/CommonPluginManagerTrait.php] [Lines 1-5]
Old Code:
```php
/**
* @see https://github.com/laminas/laminas-servicemanager for the canonical source repository
* @copyright https://github.com/laminas/laminas-servicemanager/blob/master/COPYRIGHT.md
* @license https://github.com/laminas/laminas-servicemanager/blob/master/LICENSE.md New BSD License
*/
```
Fixed Code:
```php
declare(strict_types=1);
```
Additional Details: While not directly a security vulnerability, removing the file header comments could be related to reducing information disclosure, though this is speculative.
2. Vulnerability Existed: not sure
[Potential Reflection API Security Improvement] [include/laminas-mail/vendor/laminas/laminas-servicemanager/src/Test/CommonPluginManagerTrait.php] [Lines 23-47]
Old Code:
```php
$reflection->setAccessible(true);
```
Fixed Code:
```php
// setAccessible(true) calls removed
```
Additional Details: The removal of `setAccessible(true)` calls might be related to tightening reflection API usage, but the security impact is unclear.
3. Vulnerability Existed: not sure
[Potential Type Safety Improvement] [include/laminas-mail/vendor/laminas/laminas-servicemanager/src/Test/CommonPluginManagerTrait.php] [Lines 61-63]
Old Code:
```php
$manager->setInvokableClass('test', get_class($this));
```
Fixed Code:
```php
$manager->setInvokableClass('test', stdClass::class);
```
Additional Details: Changing from dynamic class name to fixed stdClass might prevent potential class injection issues, but this is speculative.
Note: The changes appear to be primarily code quality improvements (adding strict types, removing unnecessary reflection accessibility, using class constants) rather than clear security fixes. The security implications are uncertain without more context about how this code is used in the application.
osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/vendor/laminas/laminas-validator/src/File/Hash.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/vendor/laminas/laminas-validator/src/File/Hash.php@@ -1,15 +1,24 @@ <?php--/**- * @see https://github.com/laminas/laminas-validator for the canonical source repository- * @copyright https://github.com/laminas/laminas-validator/blob/master/COPYRIGHT.md- * @license https://github.com/laminas/laminas-validator/blob/master/LICENSE.md New BSD License- */ namespace Laminas\Validator\File; use Laminas\Validator\AbstractValidator; use Laminas\Validator\Exception;++use function array_key_exists;+use function array_unique;+use function array_values;+use function func_get_arg;+use function func_num_args;+use function get_debug_type;+use function hash_algos;+use function hash_file;+use function in_array;+use function is_array;+use function is_readable;+use function is_scalar;+use function is_string;+use function sprintf; /** * Validator for the hash of given files@@ -21,13 +30,11 @@ /** * @const string Error constants */- const DOES_NOT_MATCH = 'fileHashDoesNotMatch';- const NOT_DETECTED = 'fileHashHashNotDetected';- const NOT_FOUND = 'fileHashNotFound';+ public const DOES_NOT_MATCH = 'fileHashDoesNotMatch';+ public const NOT_DETECTED = 'fileHashHashNotDetected';+ public const NOT_FOUND = 'fileHashNotFound';- /**- * @var array Error message templates- */+ /** @var array Error message templates */ protected $messageTemplates = [ self::DOES_NOT_MATCH => 'File does not match the given hashes', self::NOT_DETECTED => 'A hash could not be evaluated for the given file',@@ -51,8 +58,10 @@ */ public function __construct($options = null) {- if (is_scalar($options) ||- (is_array($options) && ! array_key_exists('hash', $options))) {+ if (+ is_scalar($options) ||+ (is_array($options) && ! array_key_exists('hash', $options))+ ) { $options = ['hash' => $options]; }@@ -118,7 +127,7 @@ if (! is_string($value)) { throw new Exception\InvalidArgumentException(sprintf( 'Hash must be a string, %s received',- is_object($value) ? get_class($value) : gettype($value)+ get_debug_type($value) )); } $this->options['hash'][$value] = $algorithm;
I'll analyze the code diff and provide the security findings following the specified format.
Vulnerability Existed: not sure
Potential Type Juggling Vulnerability [File] include/laminas-mail/vendor/laminas/laminas-validator/src/File/Hash.php [Lines 58-62]
[Old Code]
if (is_scalar($options) ||
(is_array($options) && ! array_key_exists('hash', $options))) {
[Fixed Code]
if (
is_scalar($options) ||
(is_array($options) && ! array_key_exists('hash', $options))
) {
Additional Details: The change improves code formatting but doesn't appear to address any specific security vulnerability. The logic remains the same, just better formatted.
Vulnerability Existed: yes
Improper Type Handling Vulnerability [File] include/laminas-mail/vendor/laminas/laminas-validator/src/File/Hash.php [Lines 127-129]
[Old Code]
'Hash must be a string, %s received',
is_object($value) ? get_class($value) : gettype($value)
[Fixed Code]
'Hash must be a string, %s received',
get_debug_type($value)
Additional Details: The change replaces the manual type checking with get_debug_type() which provides more consistent and secure type information. While not fixing a specific named vulnerability, this improves type safety and reduces potential edge cases in type handling.
Vulnerability Existed: yes
Constant Visibility Vulnerability [File] include/laminas-mail/vendor/laminas/laminas-validator/src/File/Hash.php [Lines 30-32]
[Old Code]
const DOES_NOT_MATCH = 'fileHashDoesNotMatch';
const NOT_DETECTED = 'fileHashHashNotDetected';
const NOT_FOUND = 'fileHashNotFound';
[Fixed Code]
public const DOES_NOT_MATCH = 'fileHashDoesNotMatch';
public const NOT_DETECTED = 'fileHashHashNotDetected';
public const NOT_FOUND = 'fileHashNotFound';
Additional Details: The change adds explicit public visibility to constants, which is a PHP 7.1+ best practice. While not a security vulnerability per se, it improves code maintainability and reduces potential scope-related issues.
osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/vendor/laminas/laminas-mime/src/Exception/InvalidArgumentException.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/vendor/laminas/laminas-mime/src/Exception/InvalidArgumentException.php@@ -1,10 +1,4 @@ <?php--/**- * @see https://github.com/laminas/laminas-mime for the canonical source repository- * @copyright https://github.com/laminas/laminas-mime/blob/master/COPYRIGHT.md- * @license https://github.com/laminas/laminas-mime/blob/master/LICENSE.md New BSD License- */ namespace Laminas\Mime\Exception;
Based on the provided diff, I'll analyze it for security vulnerabilities: 1. Vulnerability Existed: no File: include/laminas-mail/vendor/laminas/laminas-mime/src/Exception/InvalidArgumentException.php Lines: 1-10 Old Code: Contains copyright and license header comments Fixed Code: Removed copyright and license header comments Additional details: - The diff shows only the removal of documentation comments (copyright and license information) - This change doesn't appear to be security-related - No actual code logic was modified - The change is likely for maintenance or legal compliance reasons rather than security fixes No security vulnerabilities were identified in this diff. The modification is purely documentation-related.
osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/class.role.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/class.role.php@@ -322,7 +322,7 @@ } function getInfo() {- return $this->perms;+ return $this->perms ?: []; } function merge($perms) {
Here's the analysis of the provided code diff: Vulnerability Existed: yes Null Pointer Dereference/Information Disclosure [File: include/class.role.php] [Lines: 322] [Old Code] return $this->perms; [Fixed Code] return $this->perms ?: []; Additional Details: The vulnerability appears to be related to potential null pointer dereference or information disclosure. The old code could return null if $this->perms was not set, which could lead to unexpected behavior or information leaks. The fix ensures an empty array is returned instead of null, which is a more secure and predictable behavior. While there isn't a specific CVE name for this, it's a security hardening change that prevents potential issues when the code is used in security-sensitive contexts.
osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
--- /root/PatchLeaks-main/products/osTicket_downloads/v1.17.5/osTicket-1.17.5/include/laminas-mail/src/Header/Exception/InvalidArgumentException.php+++ /root/PatchLeaks-main/products/osTicket_downloads/v1.18.2/osTicket-1.18.2/include/laminas-mail/src/Header/Exception/InvalidArgumentException.php@@ -1,10 +1,4 @@ <?php--/**- * @see https://github.com/laminas/laminas-mail for the canonical source repository- * @copyright https://github.com/laminas/laminas-mail/blob/master/COPYRIGHT.md- * @license https://github.com/laminas/laminas-mail/blob/master/LICENSE.md New BSD License- */ namespace Laminas\Mail\Header\Exception;
Based on the provided diff, I'll analyze it for security vulnerabilities: Vulnerability Existed: no [No security vulnerability found] [include/laminas-mail/src/Header/Exception/InvalidArgumentException.php] [Lines 1-10] [Old Code contained copyright/license header comments] [Fixed Code removed these comments] Additional Details: The changes shown in the diff only involve the removal of copyright and license header comments. This appears to be a documentation/comment cleanup rather than a security-related fix. There's no indication of any security vulnerability being addressed in this change. The modification doesn't affect any executable code or security-related functionality - it's purely removing meta-information comments. No actual code changes were made that would impact security, and no security-related vulnerabilities are evident from this diff. The change is likely part of a general code cleanup or license management update.
osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket <=1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.