CVE-2010-0438

high

Description

Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

References

http://www.securityfocus.com/bid/38146

http://www.otrs.org/news/2010/otrs_2-4-7/

http://www.osvdb.org/62181

http://source.otrs.org/viewvc.cgi/otrs/Kernel/System/Ticket.pm?view=log

http://secunia.com/advisories/38544

http://secunia.com/advisories/38507

http://otrs.org/releases/2.4.7/

http://otrs.org/advisory/OSA-2010-01-en/

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

Details

Source: Mitre, NVD

Published: 2010-02-09

Updated: 2010-09-09

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High