OTRS and OTRS ITSM CVE-2013-4717 Unspecified SQL Injection Vulnerabilitiy

OTRS and OTRS ITSM are prone to an unspecified SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data.

An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

The following are vulnerable:

Versions prior to OTRS 3.0.22, 3.1.18, and 3.2.9

Versions prior to OTRS ITSM 3.0.9, 3.1.10, and 3.2.7


 

Privacy Statement
Copyright 2010, SecurityFocus