High severity8.8NVD Advisory· Published Nov 21, 2017· Updated Jun 17, 2026
CVE-2017-16664
CVE-2017-16664
Description
Code injection exists in Kernel/System/Spelling.pm in Open Ticket Request System (OTRS) 5 before 5.0.24, 4 before 4.0.26, and 3.3 before 3.3.20. In the agent interface, an authenticated remote attacker can execute shell commands as the webserver user via URL manipulation.
Affected products
5Patches
Vulnerability mechanics
References
3- www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/nvdIssue TrackingPatchVendor Advisory
- lists.debian.org/debian-lts-announce/2017/12/msg00015.htmlnvdMailing ListThird Party Advisory
- www.debian.org/security/2017/dsa-4047nvdThird Party Advisory
News mentions
0No linked articles in our index yet.