PT-2014-4199 · Otrs+1 · Otrs+1

Publicado

2014-02-04

·

Atualizado

2016-06-02

·

CVE-2014-1471

CVSS v2.0

7.5

Alta

VetorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Open Ticket Request System (OTRS) versions 3.1.x through 3.1.18 Open Ticket Request System (OTRS) versions 3.2.x through 3.2.13 Open Ticket Request System (OTRS) versions 3.3.x through 3.3.3
Description A SQL injection issue exists in the StateGetStatesByType function in Kernel/System/State.pm. This allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL.
Recommendations For OTRS versions 3.1.x through 3.1.18, update to version 3.1.19 or later. For OTRS versions 3.2.x through 3.2.13, update to version 3.2.14 or later. For OTRS versions 3.3.x through 3.3.3, update to version 3.3.4 or later.

Correção

RCE

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

ALT-PU-2014-1279
CVE-2014-1471
DSA-2867-1
MGASA-2014-0094

Produtos afetados

Alt Linux
Otrs