Switch language to english
Znuny Professional Services

Der ((OTRS)) Community Edition Fork mit Langzeit-Support (LTS)

Überblick

ZSA-2024-03

Date
2024-04-17
Affected
All versions of Znuny LTS from 6.5.1 up to including 6.5.7. All versions of Znuny from 7.0.1 up to including 7.0.16.
Severity
low
CVE
CVE-2024-32493

A logged-in agent is able to inject SQL in the draft form ID parameter of an AJAX request.

Thanks to Martino Spagnuolo for reporting.