Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

OTRS Core System Multiple Unspecified SQL Injection Vulnerabilities

High

Synopsis

The remote web server is hosting a web application that is vulnerable to multiple sql-injection attacks.

Description

The remote web server is hosting OTRS, an Open source Ticket Request System written in Perl. The installed version is earlier than 2.1.9, 2.2.9, 2.3.5, or 2.4.7. Such versions are potentially affected by multiple unspecified sql-injection vulnerabilities. An attacker, with a valid Agent or Customer-session, could exploit this flaw to read or modify records in the database.

Solution

Upgrade to OTRS 2.1.9, 2.2.9, 2.3.5, 2.4.7, or later.