Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2005-3893
Last Modified 07 Mar 2011 09:27:20
Published 29 Nov 2005 04:03:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3893

Summary

Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and remote authenticated users via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action.

Vulnerable Systems

Application

  • Otrs 1.0.0

  • Otrs 1.3.2

  • Otrs 2.0.0

  • Otrs 2.0.1

  • Otrs 2.0.2

  • Otrs 2.0.3


References

BID - 15537

SECUNIA - 17685

CONFIRM - http://otrs.org/advisory/OSA-2005-01-en/

MISC - http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt

BUGTRAQ - 20051122 OTRS 1.x/2.x Multiple Security Issues

VUPEN - ADV-2005-2535

XF - otrs-agentticketplain-sql-injection(23354)

XF - otrs-login-sql-injection(23352)

OSVDB - 21065

OSVDB - 21064

SUSE - SUSE-SR:2005:030

DEBIAN - DSA-973

SECTRACK - 1015262

SECUNIA - 18887

SECUNIA - 18101


Last Updated: 27 May 2016 10:41:06