CVE-2005-3893

Publication date 29 November 2005

Last updated 24 July 2024


Ubuntu priority

Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and remote authenticated users via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action.

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
otrs 7.04 feisty
Not affected
6.10 edgy
Not affected
6.06 LTS dapper
Not affected