Mandriva Linux Security Advisory 2013-212 - It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise user-supplied data that is used on SQL queries. An attacker with a valid agent login could exploit this issue to craft SQL queries by injecting arbitrary SQL code through manipulated URLs.
5ecc1971b7c3965a30dc10ac0ddd13fa0f59ca6dda6e9dce200dc16ec8e33b23
Debian Linux Security Advisory 2733-1 - It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise user-supplied data that is used on SQL queries. An attacker with a valid agent login could exploit this issue to craft SQL queries by injecting arbitrary SQL code through manipulated URLs.
17527af704d3664232acad459e3b4ed17fa1772c6437ade8fe8e7d244249c675