Test ID:	1.3.6.1.4.1.25623.1.0.902016
Category:	Web application abuses
Title:	Open Ticket Request System (OTRS) Multiple SQL Injection Vulnerabilities
Summary:	Open Ticket Request System (OTRS) is prone to multiple SQL injection vulnerabilities.
Description:	Summary: Open Ticket Request System (OTRS) is prone to multiple SQL injection vulnerabilities. Vulnerability Insight: The flaws are due to error in 'Kernel/System/Ticket.pm' in 'OTRS-Core'. It fails to sufficiently sanitize user-supplied data before using it in SQL queries. Vulnerability Impact: Successful exploitation will allow attackers to manipulate SQL queries to read or modify records in the database, could also allow access to more administrator permissions. Affected Software/OS: Open Ticket Request System (OTRS) version prior to 2.1.9, 2.2.9, 2.3.5 and 2.4.7 Solution: Upgrade to Open Ticket Request System (OTRS) 2.1.9, 2.2.9, 2.3.5, 2.4.7 CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0438 BugTraq ID: 38146 http://www.securityfocus.com/bid/38146 http://www.osvdb.org/62181 http://secunia.com/advisories/38507 http://secunia.com/advisories/38544 SuSE Security Announcement: SUSE-SR:2010:014 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
Copyright	Copyright (C) 2010 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.