OTRS Core System Multiple Unspecified SQL Injection Vulnerabilities

High Nessus Network Monitor Plugin ID 5334


The remote web server is hosting a web application that is vulnerable to multiple SQL injection attacks.


The remote web server is hosting OTRS, an Open source Ticket Request System written in Perl. The installed version is earlier than 2.1.9, 2.2.9, 2.3.5, or 2.4.7. Such versions are potentially affected by multiple unspecified SQL injection vulnerabilities. An attacker with a valid Agent or Customer session could exploit this flaw to read or modify records in the database.


Upgrade to OTRS 2.1.9, 2.2.9, 2.3.5, 2.4.7, or later.



Plugin Details

Severity: High

ID: 5334

Family: CGI

Published: 2010/02/09

Modified: 2018/09/16

Dependencies: 1442

Risk Information

Risk Factor: High


CVSS v2

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


CVSS v3

Base Score: 7.3

Temporal Score: 6.8


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:otrs:otrs

Patch Publication Date: 2010/02/08

Vulnerability Publication Date: 2010/02/08

Reference Information

CVE: CVE-2010-0438

BID: 38146