7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
60.6%
Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request
System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote
attackers to execute arbitrary SQL commands and bypass authentication via
the (1) user parameter in the Login action, and remote authenticated users
via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain
action.