CVE-2014-1471
Published: Feb 4, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| https://github.com/OTRS/otrs/commit/0680603a07b8dc37c2ddca6ff14e0236babefc82 | x_refsource_CONFIRM |
| 65241 | vdb-entry, x_refsource_BID |
| [oss-security] 20140129 Re: CVE Request: otrs: CSRF issue in customer web interface | mailing-list, x_refsource_MLIST |
| https://www.otrs.com/security-advisory-2014-02-sql-injection-issue | x_refsource_CONFIRM |
| https://github.com/OTRS/otrs/commit/c4ec9205bde9c49770ddad94c1a980c006164949 | x_refsource_CONFIRM |
| 102661 | vdb-entry, x_refsource_OSVDB |
| https://www.otrs.com/release-notes-otrs-help-desk-3-3-4 | x_refsource_CONFIRM |
| 56655 | third-party-advisory, x_refsource_SECUNIA |
| https://github.com/OTRS/otrs/commit/2997b36a7c84e933c4b025930cabe93efc4d261d | x_refsource_CONFIRM |
| 56644 | third-party-advisory, x_refsource_SECUNIA |
| DSA-2867 | vendor-advisory, x_refsource_DEBIAN |