CVE-2010-0438 — SQL Injection in Otrs

CWE-89 — SQL Injection7 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.9%

top 25.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Otrs2 Otrs

Timeline

PublishedFeb 9

Latest updateMay 2

Description

Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages2 packages

▶debiandebian/otrs2< otrs2 2.4.7-1 (bullseye)

▶NVDotrs/otrs26 versions+25

🔴Vulnerability Details

GHSA

GHSA-2gcm-4527-j663: Multiple SQL injection vulnerabilities in Kernel/System/Ticket↗2022-05-02

▶

OSV

CVE-2010-0438: Multiple SQL injection vulnerabilities in Kernel/System/Ticket↗2010-02-09

▶

📋Vendor Advisories

Red Hat

OTRS: Multiple SQL injection flaws in OTRS-Core (OSA-2010-01)↗2010-02-08

▶

Debian

CVE-2010-0438: otrs2 - Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core i...↗2010

▶

💬Community

Bugzilla

CVE-2010-0438 CVE-2010-2080 CVE-2010-3476 CVE-2011-0456 otrs: multiple vulnerabilities [fedora-epel5]↗2010-09-20

▶

Bugzilla

CVE-2010-0438 OTRS: Multiple SQL injection flaws in OTRS-Core (OSA-2010-01)↗2010-02-10

▶