{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2005-3893","title":"Title"},{"category":"description","text":"Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and remote authenticated users via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2005-3893","url":"https://www.suse.com/security/cve/CVE-2005-3893"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 135006 for CVE-2005-3893","url":"https://bugzilla.suse.com/135006"},{"category":"external","summary":"Advisory link for SUSE-SR:2005:030","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WVFLUVZS5BGFNCN2FFA2CBJI2ULRFZH6/#WVFLUVZS5BGFNCN2FFA2CBJI2ULRFZH6"}],"title":"SUSE CVE CVE-2005-3893","tracking":{"current_release_date":"2023-12-09T03:43:05Z","generator":{"date":"2023-02-15T06:16:47Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2005-3893","initial_release_date":"2023-02-15T06:16:47Z","revision_history":[{"date":"2023-02-15T06:16:47Z","number":"2","summary":"Current version"},{"date":"2023-12-08T05:21:21Z","number":"3","summary":"Current version"},{"date":"2023-12-09T03:43:05Z","number":"4","summary":"Current version"}],"status":"interim","version":"4"}}}