Code Injection Vulnerability in OTRS Agent Interface
CVE-2017-16664 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:P/A:P
Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation.
Learn more about our Web App Pen Testing.