CVE-2013-4717
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm.
Múltiples vulnerabilidades de inyección SQL en Open Ticket Request System (OTRS) Help Desk versiones 3.0.x anteriores a 3.0.22, 3.1.x anteriores a 3.1.18, y 3.2.x anteriores a 3.2.9, permiten a usuarios remotos autenticados ejecutar comandos SQL arbitrarios por medio de vectores no especificados relacionados con los archivos Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm y Kernel/System/TicketSearch.pm
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-06-27 CVE Reserved
- 2013-08-05 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://web.archive.org/web/20130817120539/http://www.otrs.com/de/open-source/community-news/security-advisories/security-advisory-2013-05 | 2021-08-17 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Otrs Search vendor "Otrs" | Otrs Search vendor "Otrs" for product "Otrs" | >= 3.0.0 <= 3.0.21 Search vendor "Otrs" for product "Otrs" and version " >= 3.0.0 <= 3.0.21" | - |
Affected
| ||||||
Otrs Search vendor "Otrs" | Otrs Search vendor "Otrs" for product "Otrs" | >= 3.1.0 <= 3.1.17 Search vendor "Otrs" for product "Otrs" and version " >= 3.1.0 <= 3.1.17" | - |
Affected
| ||||||
Otrs Search vendor "Otrs" | Otrs Search vendor "Otrs" for product "Otrs" | >= 3.2.0 <= 3.2.8 Search vendor "Otrs" for product "Otrs" and version " >= 3.2.0 <= 3.2.8" | - |
Affected
| ||||||
Otrs Search vendor "Otrs" | Otrs Itsm Search vendor "Otrs" for product "Otrs Itsm" | >= 3.0.0 <= 3.0.8 Search vendor "Otrs" for product "Otrs Itsm" and version " >= 3.0.0 <= 3.0.8" | - |
Affected
| ||||||
Otrs Search vendor "Otrs" | Otrs Itsm Search vendor "Otrs" for product "Otrs Itsm" | >= 3.1.0 <= 3.1.9 Search vendor "Otrs" for product "Otrs Itsm" and version " >= 3.1.0 <= 3.1.9" | - |
Affected
| ||||||
Otrs Search vendor "Otrs" | Otrs Itsm Search vendor "Otrs" for product "Otrs Itsm" | >= 3.2.0 <= 3.2.6 Search vendor "Otrs" for product "Otrs Itsm" and version " >= 3.2.0 <= 3.2.6" | - |
Affected
|