CVSS: 8.8EPSS: 3%CPEs: 6EXPL: 4CVE-2005-3893 – OTRS 2.0 - AgentTicketPlain Action Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2005-3893
29 Nov 2005 — Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and remote authenticated users via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action. • https://www.exploit-db.com/exploits/26551 •
CVSS: 5.4EPSS: 8%CPEs: 6EXPL: 3CVE-2005-3894 – OTRS 2.0 - 'index.pl' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2005-3894
29 Nov 2005 — Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded values in the QueueID parameter and (2) Action parameters. • https://www.exploit-db.com/exploits/26552 •