In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x up to and including 3.3.18, with a crafted URL it is possible to gain information like database user and password.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
otrs otrs |
||
debian debian linux 7.0 |
||
debian debian linux 9.0 |
||
debian debian linux 8.0 |