PT-2005-5580 · Otrs · Open Ticket Request System

Moritz Naumann

Published: 1970-01-01
Updated: 2017-07-20

CVE-2005-3893

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Open Ticket Request System (OTRS) versions 1.0.0 through 1.3.2
Open Ticket Request System (OTRS) versions 2.0.0 through 2.0.3

Description

The issue allows remote, unauthenticated attackers to execute arbitrary SQL commands and bypass authentication via the user parameter of the Login action. Remote authenticated users can additionally inject SQL via the TicketID and ArticleID parameters of the AgentTicketPlain action. The vulnerability is exploitable over the network and can lead to a breach of the confidentiality, integrity, and availability of protected information.

Recommendations

For Open Ticket Request System (OTRS) versions 1.0.0 through 1.3.2, update to a version outside of this range to mitigate the risk. For Open Ticket Request System (OTRS) versions 2.0.0 through 2.0.3, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the AgentTicketPlain action and the Login action until a patch is applied. Avoid exposing the user, TicketID, and ArticleID parameters of the affected actions to untrusted input until the issue is resolved.


Related Identifiers

BDU:2015-03039
BDU:2015-03040
BDU:2015-03041
CVE-2005-3893
DSA-973-1

Affected Products

Open Ticket Request System