Security Advisory

CVE-2017-16664

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-11-21 14:00:00

Last updated 2024-08-05 20:27:04

Assigner mitre

State PUBLISHED

Description

Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation.

← Browse all CVEs View on cve.org ↗