CVE-2010-0438 Information

Description

Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9 2.2.x before 2.2.9 2.3.x before 2.3.5 and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Reference

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://otrs.org/advisory/OSA-2010-01-en/ http://otrs.org/releases/2.4.7/ http://secunia.com/advisories/38507 http://secunia.com/advisories/38544 http://source.otrs.org/viewvc.cgi/otrs/Kernel/System/Ticket.pm?view=log http://www.osvdb.org/62181 http://www.otrs.org/news/2010/otrs_2-4-7/ http://www.securityfocus.com/bid/38146