|
|
Log in / Subscribe / Register

otrs2: sql injection

Package(s):otrs2 CVE #(s):CVE-2013-4717 CVE-2013-2625
Created:August 5, 2013 Updated:August 13, 2013
Description: From the Debian advisory:

It was discovered that otrs2, the Open Ticket Request System, does not properly sanitize user-supplied data that is used on SQL queries. An attacker with a valid agent login could exploit this issue to craft SQL queries by injecting arbitrary SQL code through manipulated URLs.

Alerts:
openSUSE openSUSE-SU-2013:1338-1 otrs 2013-08-14
Mandriva MDVSA-2013:212 otrs 2013-08-13
Mageia MGASA-2013-0247 otrs 2013-08-11
Debian DSA-2733-1 otrs2 2013-08-02
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds