CVE-2005-3893 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2005-3893 Interim 1 4 2023-12-09T02:20:10Z current 2021-05-30T12:34:20Z 2023-12-09T02:20:10Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2005-3893 Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and remote authenticated users via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WVFLUVZS5BGFNCN2FFA2CBJI2ULRFZH6/#WVFLUVZS5BGFNCN2FFA2CBJI2ULRFZH6 E-Mail link for SUSE-SR:2005:030 https://www.suse.com/support/security/rating/ SUSE Security Ratings Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and remote authenticated users via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action. CVE-2005-3893 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P