OTRS Core System Multiple Unspecified SQL Injection Vulnerabilities
High Nessus Network Monitor Plugin ID 5334
SynopsisThe remote web server is hosting a web application that is vulnerable to multiple sql-injection attacks.
DescriptionThe remote web server is hosting OTRS, an Open source Ticket Request System written in Perl. The installed version is earlier than 2.1.9, 2.2.9, 2.3.5, or 2.4.7. Such versions are potentially affected by multiple unspecified sql-injection vulnerabilities. An attacker, with a valid Agent or Customer-session, could exploit this flaw to read or modify records in the database.
SolutionUpgrade to OTRS 2.1.9, 2.2.9, 2.3.5, 2.4.7, or later.