[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250038

 
 

909

 
 

195843

 
 

282

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-2733-1 otrs2 -- SQL injection

ID: oval:org.secpod.oval:def:601080Date: (C)2013-09-25   (M)2022-10-10
Class: PATCHFamily: unix




It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise user-supplied data that is used on SQL queries. An attacker with a valid agent login could exploit this issue to craft SQL queries by injecting arbitrary SQL code through manipulated URLs.

Platform:
Debian 7.0
Debian 6.0
Product:
otrs2
Reference:
DSA-2733-1
CVE-2013-4717
CVE-2012-4751
CVE-2013-2625
CVE-2013-4088
CVE    4
CVE-2013-2625
CVE-2013-4717
CVE-2013-4088
CVE-2012-4751
...
CPE    57
cpe:/o:debian:debian_linux:7.0
cpe:/a:otrs:otrs:2.4.0:beta6
cpe:/a:otrs:otrs:2.4.13
cpe:/a:otrs:otrs:3.0.13
...

© SecPod Technologies