CVE-2005-3893

Priority
Untriaged
Description
Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request
System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote
attackers to execute arbitrary SQL commands and bypass authentication via
the (1) user parameter in the Login action, and remote authenticated users
via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain
action.
References
Package
Source: otrs (LP Ubuntu Debian)
Upstream:needs-triage
More Information

Updated: 2017-12-14 19:35:29 UTC (commit 13907)