OTRS Core System Multiple Unspecified SQL Injection Vulnerabilities

High Nessus Network Monitor Plugin ID 5334

Synopsis

The remote web server is hosting a web application that is vulnerable to multiple SQL injection attacks.

Description

The remote web server is hosting OTRS, an Open source Ticket Request System written in Perl. The installed version is earlier than 2.1.9, 2.2.9, 2.3.5, or 2.4.7. Such versions are potentially affected by multiple unspecified SQL injection vulnerabilities. An attacker with a valid Agent or Customer session could exploit these flaws to read or modify records in the database.

Solution

Upgrade to OTRS 2.1.9, 2.2.9, 2.3.5, 2.4.7, or later.

See Also

http://otrs.org/advisory/OSA-2010-01-en

Plugin Details

Severity: High

ID: 5334

Family: CGI

Published: 2010/02/09

Modified: 2018/09/16

Dependencies: 1442

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:otrs:otrs

Patch Publication Date: 2010/02/08

Vulnerability Publication Date: 2010/02/08

Reference Information

CVE: CVE-2010-0438

BID: 38146