Oval Definition:	oval:org.mitre.oval:def:18996
Revision Date: 2014-06-23 Version: 10 Title: DSA-2733-1 otrs2 - SQL injection Description: It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise user-supplied data that is used on SQL queries. An attacker with a valid agent login could exploit this issue to craft SQL queries by injecting arbitrary SQL code through manipulated URLs. Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2012-4751 CVE-2013-2625 CVE-2013-4088 CVE-2013-4717 DSA-2733-1 Platform(s): Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7 Debian GNU/Linux 6.0 Debian GNU/Linux 7 Product(s): otrs2 Definition Synopsis Release section Debian 6.0 is installed AND GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed OR Debian GNU/kFreeBSD is installed AND otrs2 DPKG is earlier than 2.4.9+dfsg1-3+squeeze4 Release section Debian 7 is installed AND GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed OR Debian GNU/kFreeBSD is installed AND otrs2 DPKG is earlier than 3.1.7+dfsg1-8+deb7u3
BACK