QwikSec

Security Database

CVE

CWE

Training

CVE-2017-16664

Published: Nov 21, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_DEBIAN

[debian-lts-announce] 20171219 [SECURITY] [DLA 1212-1] otrs2 security update

mailing-list

x_refsource_MLIST

https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.