Описание
Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 6.0.5-1 |
| cosmic | not-affected | 6.0.5-1 |
| devel | DNE | |
| disco | not-affected | 6.0.5-1 |
| eoan | not-affected | 6.0.5-1 |
| esm-apps/bionic | not-affected | 6.0.5-1 |
| esm-apps/focal | not-affected | 6.0.5-1 |
| esm-apps/jammy | not-affected | 6.0.5-1 |
| esm-apps/xenial | needed |
Показывать по
6.5 Medium
CVSS2
8.8 High
CVSS3
Связанные уязвимости
Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation.
Code injection exists in Kernel/System/Spelling.pm in Open Ticket Requ ...
Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation.
6.5 Medium
CVSS2
8.8 High
CVSS3