Red Hat Bugzilla – Bug 563486
CVE-2010-0438 OTRS: Multiple SQL injection flaws in OTRS-Core (OSA-2010-01)
Last modified: 2014-01-29 12:53:38 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-0438 to
the following vulnerability:
Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in
OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9,
2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow
remote authenticated users to execute arbitrary SQL commands via
This issue affects the version of the otrs package, as shipped
within EPEL-5 project.
Please fix / rebase.
OTRS has been removed from EPEL5, so this flaw no longer affects anything currently shipped.