Published: 29/11/2005 Updated: 20/07/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 up to and including 1.3.2 and 2.0.0 up to and including 2.0.3 allow remote malicious users to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and remote authenticated users via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action.

Vulnerable Product	Search on Vulmon	Subscribe to Product
otrs otrs 1.0.0
otrs otrs 1.3.2
otrs otrs 2.0.2
otrs otrs 2.0.3
otrs otrs 2.0.0
otrs otrs 2.0.1

source: wwwsecurityfocuscom/bid/15537/info OTRS is prone to multiple input-validation vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input The application is prone to multiple SQL-injection vulnerabilities, an HTML-injection vulnerability, and multiple cross-site scripting vuln ...

source: wwwsecurityfocuscom/bid/15537/info OTRS is prone to multiple input-validation vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input The application is prone to multiple SQL-injection vulnerabilities, an HTML-injection vulnerability, and multiple cross-site scripting vulner ...

NVD-CWE-Other http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt http://otrs.org/advisory/OSA-2005-01-en/http://www.securityfocus.com/bid/15537/http://secunia.com/advisories/17685/http://www.osvdb.org/21064 http://www.osvdb.org/21065 http://securitytracker.com/id?1015262 http://www.novell.com/linux/security/advisories/2005_30_sr.html http://secunia.com/advisories/18101 http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html http://www.debian.org/security/2006/dsa-973 http://secunia.com/advisories/18887 http://www.vupen.com/english/advisories/2005/2535 http://marc.info/?l=bugtraq&m=113272360804853&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/23354 https://exchange.xforce.ibmcloud.com/vulnerabilities/23352 https://nvd.nist.gov https://www.exploit-db.com/exploits/26551/

CVE-2005-3893

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect