|
|
CVE Reference: CVE-2005-3893 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2005-3893 |
|
|
Description: Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and remote authenticated users via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/23352 http://xforce.iss.net/xforce/xfdb/23354 SUSE http://www.novell.com/linux/security/advisories/2005_30_sr.html ST 1015262 SAID Secunia Advisory: SA18887 Secunia Advisory: SA18101 Secunia Advisory: SA17685 OSVDB 21064 21065 MISC http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt FULLDISC http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html DEBIAN http://www.debian.org/security/2006/dsa-973 CONFIRM http://otrs.org/advisory/OSA-2005-01-en/ BUGTRAQ http://marc.theaimsgroup.com/?l=bugtraq&m=113272360804853&w=2 BID 15537 |
|
| Return to the previous page. |
