CVE-2014-1471

描述

SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL.

受影響套件(2)

• Debian/otrs2from 0, < 3.3.4-1
• Debian/otrs2from 0, < 2.4.9+dfsg1-3+squeeze5

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-1471