Mandriva Linux Security Advisory : otrs (MDVSA-2013:212)
Medium Nessus Plugin ID 69338
SynopsisThe remote Mandriva Linux host is missing a security update.
DescriptionUpdated otrs package fixes security vulnerability :
It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise user-supplied data that is used on SQL queries. An attacker with a valid agent login could exploit this issue to craft SQL queries by injecting arbitrary SQL code through manipulated URLs (CVE-2013-4717).
SolutionUpdate the affected otrs package.