CVE-2005-3893: SQL Injection
First published: Tue Nov 29 2005(Updated: )
Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and remote authenticated users via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OTRS | =2.0.3 | |
| OTRS | =2.0.0 | |
| OTRS | =1.3.2 | |
| OTRS | =1.0.0 | |
| OTRS | =2.0.2 | |
| OTRS | =2.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt
- http://otrs.org/advisory/OSA-2005-01-en/
- http://www.securityfocus.com/bid/15537/
- http://secunia.com/advisories/17685/
- http://www.osvdb.org/21064
- http://www.osvdb.org/21065
- http://securitytracker.com/id?1015262
- http://www.novell.com/linux/security/advisories/2005_30_sr.html
- http://secunia.com/advisories/18101
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039001.html
- http://www.debian.org/security/2006/dsa-973
- http://secunia.com/advisories/18887
- http://www.vupen.com/english/advisories/2005/2535
- http://marc.info/?l=bugtraq&m=113272360804853&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23354
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23352
Frequently Asked Questions
What is the severity of CVE-2005-3893?
CVE-2005-3893 is considered a critical vulnerability due to the potential for remote attackers to execute arbitrary SQL commands.
How do I fix CVE-2005-3893?
To fix CVE-2005-3893, update Open Ticket Request System (OTRS) to version 2.0.4 or later, which addresses these SQL injection vulnerabilities.
What are the affected versions of OTRS for CVE-2005-3893?
CVE-2005-3893 affects OTRS versions 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3.
What types of attacks can exploit CVE-2005-3893?
CVE-2005-3893 can be exploited through SQL injection attacks that allow unauthorized access and manipulation of the database.
Is authentication bypass possible with CVE-2005-3893?
Yes, CVE-2005-3893 allows remote attackers to bypass authentication by exploiting SQL injection vulnerabilities.
- agent/references
- agent/softwarecombine
- agent/remedy
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- vendor/otrs
- product/otrs
- canonical/otrs otrs
- agent/software-canonical-lookup-request
- collector/nvd-index
- canonical/otrs
- version/otrs/2.0.3
- version/otrs/2.0.0
- version/otrs/1.3.2
- version/otrs/1.0.0
- version/otrs/2.0.2
- version/otrs/2.0.1