CVE-2013-4717
HIGH8.8EPSS 0.90%otrs2 - SQL injection
Published: 8/9/2021Modified: 4/28/2026
Also known as:DEBIAN-CVE-2013-4717
Description
Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm.
Affected packages (2)
- Debian/otrs2from 0, < 3.2.9-1
- Debian/otrs2from 0, < 2.4.9+dfsg1-3+squeeze4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |