FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

otrs -- multiple vulnerabilities

Affected packages
otrs < 3.1.19
3.2.* < otrs < 3.2.14
3.3.* < otrs < 3.3.4

Details

VuXML ID c7b5d72b-886a-11e3-9533-60a44c524f57
Discovery 2014-01-28
Entry 2014-01-28
Modified 2014-02-06

The OTRS Project reports:

SQL injection issue

An attacker that managed to take over the session of a logged-in customer could create tickets and/or send follow-ups to existing tickets due to missing challenge token checks.

References

CVE Name CVE-2014-1471
URL https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface/
URL https://www.otrs.com/security-advisory-2014-02-sql-injection-issue/