Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and remote authenticated users via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DSA-973-1 | New OTRS packages fix several vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-07T23:24:36.605Z
Reserved: 2005-11-29T00:00:00
Link: CVE-2005-3893

No data.

Status : Deferred
Published: 2005-11-29T21:03:00.000
Modified: 2025-04-03T01:03:51.193
Link: CVE-2005-3893

No data.

No data.