Test ID: 1.3.6.1.4.1.25623.1.0.702733
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 2733-1 (otrs2 - SQL injection)
Summary: It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise user-supplied data that is used on SQL queries. An attacker with a valid agent login could exploit this issue to craft SQL queries by injecting arbitrary SQL code through manipulated URLs.
Description:

Affected Software/OS:
otrs2 on Debian Linux

Solution:
For the oldstable distribution (squeeze), this problem has been fixed in
version 2.4.9+dfsg1-3+squeeze4. This update also provides fixes for
CVE-2012-4751, CVE-2013-2625 and CVE-2013-4088, which were all fixed for
stable already.

For the stable distribution (wheezy), this problem has been fixed in
version 3.1.7+dfsg1-8+deb7u3.

For the testing distribution (jessie), this problem has been fixed in
version 3.2.9-1.

For the unstable distribution (sid), this problem has been fixed in
version 3.2.9-1.

We recommend that you upgrade your otrs2 packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2013-2625
http://archives.neohapsis.com/archives/bugtraq/2013-08/0009.html
http://lists.opensuse.org/opensuse-updates/2013-08/msg00027.html
http://www.securityfocus.com/bid/58936
https://exchange.xforce.ibmcloud.com/vulnerabilities/83287
https://security-tracker.debian.org/tracker/CVE-2013-2625
Common Vulnerability Exposure (CVE) ID: CVE-2012-4751
BugTraq ID: 56093
http://www.securityfocus.com/bid/56093
CERT/CC vulnerability note: VU#603276
http://www.kb.cert.org/vuls/id/603276
http://packetstormsecurity.org/files/117504/OTRS-3.1-Cross-Site-Scripting.html
SuSE Security Announcement: openSUSE-SU-2013:0145
http://lists.opensuse.org/opensuse-updates/2013-01/msg00036.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-4088
http://advisories.mageia.org/MGASA-2013-0196.html
http://archives.neohapsis.com/archives/bugtraq/2013-07/0015.html
https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-4088
https://www.securityfocus.com/bid/60688/discuss
Common Vulnerability Exposure (CVE) ID: CVE-2013-4717
Copyright: Copyright (C) 2013 Greenbone Networks GmbH http://greenbone.net