Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In the Admin Package Manager in Open Ticket Request System (OTRS) 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server during package installation. NOTE: the vendor disputes this issue stating "the behaviour is as designed and needed for different packages to be installed", "there is a security warning if the package is not verified by OTRS Group", and "there is the possibility and responsibility of an admin to check packages before installation which is possible as they are not binary.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Open Ticket Request System 安全漏洞
Vulnerability Description
Open Ticket Request System(OTRS)是德国OTRS集团的一套开源缺陷跟踪管理系统软件。该软件将电话,邮件等各种渠道提交进来的服务请求归类为不同的队列、服务级别,服务人员通过OTRS系统来跟踪和回复客户。 OTRS 5.0.0版本至5.0.24版本和6.0.0版本至6.0.1版本中的Admin Package Manager存在远程代码执行漏洞。远程攻击者可通过加载带有CodeInstall元素的特制opm文件利用该漏洞在服务器上执行命令。
CVSS Information
N/A
Vulnerability Type
N/A