CVE-2010-0438
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2010-0438
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2010-0438.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2010-0438
- Related
- Published
- 2010-02-09T19:30:00Z
- Modified
- 2025-01-14T06:03:10.147440Z
- Summary
- [none]
- Details
-
Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
- References
-
- http://otrs.org/advisory/OSA-2010-01-en/
- http://secunia.com/advisories/38507
- http://secunia.com/advisories/38544
- http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
- http://otrs.org/releases/2.4.7/
- http://source.otrs.org/viewvc.cgi/otrs/Kernel/System/Ticket.pm?view=log
- http://www.osvdb.org/62181
- http://www.otrs.org/news/2010/otrs_2-4-7/
- http://www.securityfocus.com/bid/38146
- https://security-tracker.debian.org/tracker/CVE-2010-0438
Affected packages
Debian:11 / otrs2
Package
- Name
- otrs2
- Purl
- pkg:deb/debian/otrs2?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.7-1
Affected versions
2.*
2.0.4p01-6
2.0.4p01-7
2.0.4p01-8
2.0.4p01-9
2.0.4p01-10
2.0.4p01-11
2.0.4p01-12
2.0.4p01-13
2.0.4p01-14
2.0.4p01-14.1
2.0.4p01-15
2.0.4p01-16
2.0.4p01-17
2.0.4p01-18
2.0.99beta1-1
2.0.99beta1-2
2.1.1-1
2.1.3-1
2.1.4-1
2.1.4-2
2.1.5-1
2.1.5-2
2.1.5-3
2.1.6-1
2.1.7-1
2.1.7-2
2.2.0~beta2-1
2.2.0~beta3-1
2.2.1-1
2.2.2-1
2.2.3-1
2.2.4-1
2.2.5-1
2.2.5-2
2.2.6-1
2.2.7-1
2.2.7-2
2.2.7-2lenny1
2.2.7-2lenny2
2.2.7-2lenny3
2.2.7-3
2.3.2-1
2.3.2-2
2.3.3-1
2.3.4-1
2.3.4-2
2.3.4-3
2.3.4-4
2.3.4-5
2.3.4-6
2.3.4-7
2.4.5-1
2.4.5-2
2.4.5-3
2.4.5-4
2.4.5-5
2.4.6-1
2.4.6-2