An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if the MySQL/MariaDB server is configured with the NO_BACKSLASH_ESCAPES SQL mode. This issue affects OTRS: * 7.0.X * 8.0.X * 2023.X * 2024.X * 2025.X * 2026.X before 2026.4.X * (OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NOtrs
APPOtrs≤ 6.0.327.0.0 – 8.0.372023.0.0 – 2026.4.1 (bez)
Related vulnerabilities
An improper neutralization of user-controllable input in OTRS or ((OTRS)) Community Edition ticket handling al...
A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which ...
The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL o...
Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTas...
Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticat...