Description
webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability."
References (4)
Core 4
Core References
Third Party Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN73162541/index.html
Third Party Advisory third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000019
Various Sources vendor-advisory
x_refsource_suse
https://hermes.opensuse.org/messages/7797670
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43960
Scores
EPSS
0.0300
EPSS Percentile
85.7%
Details
CWE
CWE-78
Status
published
Products (29)
otrs/otrs
1.3.2
otrs/otrs
1.3.3
otrs/otrs
2.0.1
otrs/otrs
2.0.2
otrs/otrs
2.0.3
otrs/otrs
2.0.4
otrs/otrs
2.0.5
otrs/otrs
2.1.1
otrs/otrs
2.1.2
otrs/otrs
2.1.3
... and 19 more
Published
Mar 11, 2011
Tracked Since
Feb 18, 2026