CVE-2011-0456

OTRS < 2.3.4 - Remote Code Execution

Title source: llm
STIX 2.1

Description

webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier allows remote attackers to execute arbitrary commands via unspecified vectors, related to a "command injection vulnerability."

References (4)

Core 4
Core References
Third Party Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN73162541/index.html
Third Party Advisory third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000019
Various Sources vendor-advisory x_refsource_suse
https://hermes.opensuse.org/messages/7797670
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43960

Scores

EPSS 0.0300
EPSS Percentile 85.7%

Details

CWE
CWE-78
Status published
Products (29)
otrs/otrs 1.3.2
otrs/otrs 1.3.3
otrs/otrs 2.0.1
otrs/otrs 2.0.2
otrs/otrs 2.0.3
otrs/otrs 2.0.4
otrs/otrs 2.0.5
otrs/otrs 2.1.1
otrs/otrs 2.1.2
otrs/otrs 2.1.3
... and 19 more
Published Mar 11, 2011
Tracked Since Feb 18, 2026