Download
| Alert*
|
oval:org.secpod.oval:def:601080
It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise user-supplied data that is used on SQL queries. An attacker with a valid agent login could exploit this issue to craft SQL queries by injecting arbitrary SQL code through manipulated URLs. oval:org.secpod.oval:def:601060 It was discovered that users with a valid agent login could use crafted URLs to bypass access control restrictions and read tickets to which they should not have access. The oldstable distribution is not affected by this problem. |
