#22947 – CVE-2010-0438: Vulnerability in OTRS-Core allows SQL-Injection

Bug 22947 - CVE-2010-0438: Vulnerability in OTRS-Core allows SQL-Injection

Summary: CVE-2010-0438: Vulnerability in OTRS-Core allows SQL-Injection

Status:	CLOSED FIXED

Alias:	None

Product:	Sisyphus
Classification:	Development
Component:	otrs (show other bugs)
Version:	unstable
Hardware:	all Linux

Importance:	P3 blocker
Assignee:	Sergey Y. Afonin
QA Contact:	qa-sisyphus

URL:	http://otrs.org/advisory/OSA-2010-01-en/
Keywords:	security

Depends on:
Blocks:

Reported:	2010-02-11 20:25 MSK by Dmitry V. Levin
Modified:	2010-02-21 22:32 MSK (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Dmitry V. Levin 2010-02-11 20:25:17 MSK

Missing security quoting for SQL statements allows agents and customers
to manipulate SQL queries. So it's possible for authenticated users to
inject SQL queries via string manipulation of statements.

A malicious user may be able to manipulate SQL queries to read or modify
records in the database. This way it could also be possible to get access
to more permissions (e. g. administrator permissions).

To use this vulnerability the malicious user needs to have a valid
Agent-or Customer-session.

Comment 1 Repository Robot 2010-02-21 22:32:37 MSK

otrs-2.4.7-alt1 -> sisyphus:

* Sun Feb 21 2010 Pavel Zilke <zidex at altlinux> 2.4.7-alt1

- Security fixes:
  + Vulnerability in OTRS-Core allows SQL-Injection; CVE-2010-0438 (ALT #22947)