CVSS: 9.8EPSS: 1%CPEs: 45EXPL: 0CVE-2014-1471 – Debian Security Advisory 2867-1
https://notcve.org/view.php?id=CVE-2014-1471
04 Feb 2014 — SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL. Vulnerabilidad de inyección SQL en la función StateGetStatesByType en Kernel/System/State.pm en Open Ticket Request System (OTRS) 3.1.x anterior a 3.1.19, 3.2.x anterior a 3.2.14 y 3.3.x anterior a 3.3.4 permite a ata... • http://osvdb.org/102661 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2013-4717 – Debian Security Advisory 2733-1
https://notcve.org/view.php?id=CVE-2013-4717
05 Aug 2013 — Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm. Múltiples vulnerabilidades de inyección S... • https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •