Published: 09/02/2010 Updated: 09/09/2010

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x prior to 2.1.9, 2.2.x prior to 2.2.9, 2.3.x prior to 2.3.5, and 2.4.x prior to 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
otrs otrs 2.1.2
otrs otrs 2.1.1
otrs otrs 2.2.1
otrs otrs 2.3.4
otrs otrs 2.4.3
otrs otrs 2.4.2
otrs otrs 2.1.6
otrs otrs 2.1.5
otrs otrs 2.2.6
otrs otrs 2.2.5
otrs otrs 2.3.1
otrs otrs 2.4.6
otrs otrs 2.1.7
otrs otrs 2.1.8
otrs otrs 2.2.8
otrs otrs 2.2.7
otrs otrs 2.3.3
otrs otrs 2.3.2
otrs otrs 2.4.1
otrs otrs 2.1.4
otrs otrs 2.1.3
otrs otrs 2.2.4
otrs otrs 2.2.3
otrs otrs 2.2.2
otrs otrs 2.4.5
otrs otrs 2.4.4

It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise input data that is used on SQL queries, which might be used to inject arbitrary SQL to, for example, escalate privileges on a system that uses otrs2 The oldstable distribution (etch) is not affected For the stable distribution (lenny), the problem has been fi ...

CWE-89 http://source.otrs.org/viewvc.cgi/otrs/Kernel/System/Ticket.pm?view=log http://www.osvdb.org/62181 http://otrs.org/advisory/OSA-2010-01-en/http://www.securityfocus.com/bid/38146 http://secunia.com/advisories/38507 http://otrs.org/releases/2.4.7/http://www.otrs.org/news/2010/otrs_2-4-7/http://secunia.com/advisories/38544 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html https://nvd.nist.gov https://www.debian.org/security/./dsa-1993

CVE-2010-0438

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect