CVE-2005-3893 Information
Description
Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and allow remote authenticated users to execute arbitrary SQL commands via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action.
Reference
http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html
http://marc.info/?l=bugtraq&m=113272360804853&w=2
http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt
http://otrs.org/advisory/OSA-2005-01-en/
http://secunia.com/advisories/17685/
http://secunia.com/advisories/18101
http://secunia.com/advisories/18887
http://securitytracker.com/id?1015262
http://www.debian.org/security/2006/dsa-973
http://www.novell.com/linux/security/advisories/2005_30_sr.html
http://www.osvdb.org/21064
http://www.osvdb.org/21065
http://www.securityfocus.com/bid/15537/
http://www.vupen.com/english/advisories/2005/2535
https://exchange.xforce.ibmcloud.com/vulnerabilities/23352
https://exchange.xforce.ibmcloud.com/vulnerabilities/23354