CVE-2013-4717 — SQL Injection in Otrs
Severity
8.8HIGHNVD
EPSS
0.9%
top 24.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
PublishedAug 9
Latest updateMay 5
Description
Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages2 packages
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-8pr4-q5mj-2m5q: Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3↗2022-05-05
OSV▶
CVE-2013-4717: Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3↗2021-08-09
CVEList▶
CVE-2013-4717: Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3↗2021-08-09
📋Vendor Advisories
1Debian▶
CVE-2013-4717: otrs2 - Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help...↗2013