CVE-2014-1471

EPSS 1.6%

otrs2 - several

Published: 2/4/2014Modified: 4/28/2026

Also known as:DEBIAN-CVE-2014-1471

Description

SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL.

Affected packages (2)

Debian/otrs2from 0, < 3.3.4-1
Debian/otrs2from 0, < 2.4.9+dfsg1-3+squeeze5

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-1471