Bug 22947 - CVE-2010-0438: Vulnerability in OTRS-Core allows SQL-Injection
Summary: CVE-2010-0438: Vulnerability in OTRS-Core allows SQL-Injection
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: otrs (show other bugs)
Version: unstable
Hardware: all Linux
: P3 blocker
Assignee: Sergey Y. Afonin
QA Contact: qa-sisyphus
URL: http://otrs.org/advisory/OSA-2010-01-en/
Keywords: security
Depends on:
Blocks:
 
Reported: 2010-02-11 20:25 MSK by Dmitry V. Levin
Modified: 2010-02-21 22:32 MSK (History)
3 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Dmitry V. Levin 2010-02-11 20:25:17 MSK
Missing security quoting for SQL statements allows agents and customers
to manipulate SQL queries. So it's possible for authenticated users to
inject SQL queries via string manipulation of statements.

A malicious user may be able to manipulate SQL queries to read or modify
records in the database. This way it could also be possible to get access
to more permissions (e. g. administrator permissions).

To use this vulnerability the malicious user needs to have a valid
Agent-or Customer-session.
Comment 1 Repository Robot 2010-02-21 22:32:37 MSK
otrs-2.4.7-alt1 -> sisyphus:

* Sun Feb 21 2010 Pavel Zilke <zidex at altlinux> 2.4.7-alt1

- Security fixes:
  + Vulnerability in OTRS-Core allows SQL-Injection; CVE-2010-0438 (ALT #22947)