7.5

CVE-2005-3893

Exploit
Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and remote authenticated users via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OtrsOtrs Version1.0.0
OtrsOtrs Version1.3.2
OtrsOtrs Version2.0.0
OtrsOtrs Version2.0.1
OtrsOtrs Version2.0.2
OtrsOtrs Version2.0.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.17% 0.935
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html
http://marc.info/?l=bugtraq&m=113272360804853&w=2
http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt
Patch
Vendor Advisory
Exploit
http://otrs.org/advisory/OSA-2005-01-en/
Patch
Vendor Advisory
http://secunia.com/advisories/17685/
Patch
Vendor Advisory
http://secunia.com/advisories/18101
http://secunia.com/advisories/18887
http://securitytracker.com/id?1015262
http://www.debian.org/security/2006/dsa-973
http://www.novell.com/linux/security/advisories/2005_30_sr.html
http://www.osvdb.org/21064
http://www.osvdb.org/21065
http://www.securityfocus.com/bid/15537/
Patch
Exploit
http://www.vupen.com/english/advisories/2005/2535
https://exchange.xforce.ibmcloud.com/vulnerabilities/23352
https://exchange.xforce.ibmcloud.com/vulnerabilities/23354