CVSS: 8.8EPSS: 0%CPEs: 26EXPL: 0CVE-2010-0438
https://notcve.org/view.php?id=CVE-2010-0438
09 Feb 2010 — Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Múltiples vulnerabilidades de inyección SQL en Kernel/System/Ticket.pm en OTRS-Core en Open Ticket Request System (OTRS) v2.1.x anteriores a v2.1.9, v2.2.x anteriores a v2.2.9, v2.3.x anteriores a v2.3.5, y v2.4.x anterio... • http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2008-1515
https://notcve.org/view.php?id=CVE-2008-1515
01 Apr 2008 — The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks." La interfaz SOAP en OTRS versión 2.1.x anterior a 2.1.8 y versión 2.2.x anterior a 2.2.6, permite a los atacantes remotos “read and modify objects" por medio de peticiones SOAP, relacionadas con "Missing security checks" • http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html • CWE-264: Permissions, Privileges, and Access Controls •