Switch language to english
Znuny Professional Services

Der ((OTRS)) Community Edition Fork mit Langzeit-Support (LTS)

Überblick

ZSA-2022-07

Sorry to disturb your holiday preparations, but there is an SQL injection vulnerability in Kernel::System::Ticket::TicketSearch, which can be exploited using the web service operation "TicketSearch".

We released a fix for the versions Znuny 6.0 LTS and Znuny 6.4.

If you can't perform a patch level update right now, we also released patched files which can be found here:

Thanks to "Tim Püttmanns (maxence.de)" for reporting.