3 matches found
Debian Security Advisory DSA 2733-1 (otrs2 - SQL injection)
It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise user-supplied data that is used on SQL queries. An attacker with a valid agent login could exploit this issue to craft SQL queries by injecting arbitrary SQL code through manipulated URLs. OpenVAS Vulnerabili...
Debian Security Advisory DSA 2712-1 (otrs2 - privilege escalation)
It was discovered that users with a valid agent login could use crafted URLs to bypass access control restrictions and read tickets to which they should not have access. The oldstable distribution squeeze is not affected by this problem. OpenVAS Vulnerability Test $Id: deb2712.nasl 6611 2017-07-0...
Debian Security Advisory DSA 2696-1 (otrs2 - privilege escalation)
A vulnerability has been discovered in the Open Ticket Request System, which can be exploited by malicious users to disclose potentially sensitive information. An attacker with a valid agent login could manipulate URLs in the ticket split mechanism to see contents of tickets they are not permitte...