Code Injection Vulnerability in OTRS Agent Interface

Code Injection Vulnerability in OTRS Agent Interface

CVE-2017-16664 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation.

Learn more about our Web App Pen Testing.