Updated otrs package fixes security vulnerability
Publication date: 11 Aug 2013Modification date: 11 Aug 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4717
Description
It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise user-supplied data that is used on SQL queries. An attacker with a valid agent login could exploit this issue to craft SQL queries by injecting arbitrary SQL code through manipulated URLs (CVE-2013-4717).
References
SRPMS
2/core
- otrs-3.2.9-1.mga2
3/core
- otrs-3.2.9-1.mga3