OTRS Core System Multiple Unspecified SQL Injection Vulnerabilities

high Nessus Network Monitor Plugin ID 5334

Synopsis

The remote web server is hosting a web application that is vulnerable to multiple SQL injection attacks.

Description

The remote web server is hosting OTRS, an open-source Ticket Request System written in Perl. The installed version is earlier than 2.1.9, 2.2.9, 2.3.5, or 2.4.7. Such versions are potentially affected by multiple unspecified SQL injection vulnerabilities. An attacker with a valid Agent or Customer session could exploit these flaws to read or modify records in the database.

Solution

Upgrade to OTRS 2.1.9, 2.2.9, 2.3.5, 2.4.7, or later.

See Also

http://otrs.org/advisory/OSA-2010-01-en

Plugin Details

Severity: High

ID: 5334

Family: CGI

Published: 2/9/2010

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:otrs:otrs

Patch Publication Date: 2/8/2010

Vulnerability Publication Date: 2/8/2010

Reference Information

CVE: CVE-2010-0438

BID: 38146