Open Ticket Request System (OTRS) Command Execution Vulnerability Network Vulnerability

Summary

This host is running Open Ticket Request System (OTRS) and is prone to command execution bulnerability.

Impact

Successful exploitation will allow attackers to execute an arbitrary OS command with the privileges of OTRS on the server where it is installed. Impact Level: Application

Solution

Upgarde to Open Ticket Request System (OTRS) version 2.3.5 or later, For updates refer to http://otrs.org/download/

Insight

The flaw is due to certain unspecified input is not properly sanitised before being used. This can be exploited to inject and execute shell commands.

Affected

Open Ticket Request System (OTRS) version prior to 2.3.5

Detection

Get the installed version of OTRS with the help of detect NVT and check the version is vulnerable or not.

References

http://jvn.jp/en/jp/JVN73162541/index.html
http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000019.html
http://secunia.com/advisories/38507/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0456

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

'research_display.php' SQL Injection Vulnerability
AlefMentor Multiple SQL Injection Vulnerabilities
AWStats configdir parameter arbitrary cmd exec
ATutor password reminder SQL injection
Atmail Multiple Unspecified Security Vulnerabilities.

Take action and discover your vulnerabilities