Bug 22947

Summary: CVE-2010-0438: Vulnerability in OTRS-Core allows SQL-Injection
Product: Sisyphus Reporter: Dmitry V. Levin <ldv>
Component: otrsAssignee: Sergey Y. Afonin <asy>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: blocker    
Priority: P3 CC: asy, pavel.zilke, zidex
Version: unstableKeywords: security
Hardware: all   
OS: Linux   
URL: http://otrs.org/advisory/OSA-2010-01-en/

Description Dmitry V. Levin 2010-02-11 20:25:17 MSK 
Missing security quoting for SQL statements allows agents and customers
to manipulate SQL queries. So it's possible for authenticated users to
inject SQL queries via string manipulation of statements.

A malicious user may be able to manipulate SQL queries to read or modify
records in the database. This way it could also be possible to get access
to more permissions (e. g. administrator permissions).

To use this vulnerability the malicious user needs to have a valid
Agent-or Customer-session.
Comment 1 Repository Robot 2010-02-21 22:32:37 MSK 
otrs-2.4.7-alt1 -> sisyphus:

* Sun Feb 21 2010 Pavel Zilke <zidex at altlinux> 2.4.7-alt1

- Security fixes:
  + Vulnerability in OTRS-Core allows SQL-Injection; CVE-2010-0438 (ALT #22947)