Advisories ยป MGASA-2013-0247

Updated otrs package fixes security vulnerability

Publication date: 11 Aug 2013
Modification date: 11 Aug 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4717

Description

It was discovered that otrs2, the Open Ticket Request System, does not
properly sanitise user-supplied data that is used on SQL queries. An
attacker with a valid agent login could exploit this issue to craft
SQL queries by injecting arbitrary SQL code through manipulated URLs
(CVE-2013-4717).

References

SRPMS

3/core

2/core