OTRS 2.0 - Login Function 'User' SQL Injection
| EKU-ID: 31861 | CVE: CVE-2005-3893;OSVDB-21064 | OSVDB-ID: |
| Author: Moritz Naumann | Published: 2005-11-22 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 31861 | CVE: CVE-2005-3893;OSVDB-21064 | OSVDB-ID: |
| Author: Moritz Naumann | Published: 2005-11-22 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/15537/info OTRS is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The application is prone to multiple SQL-injection vulnerabilities, an HTML-injection vulnerability, and multiple cross-site scripting vulnerabilities. http://www.example.com/index.pl?Action=Login&User=%27[SQL_HERE]