VYPR
Unrated severityNVD Advisory· Published Mar 20, 2023· Updated Feb 26, 2025

Code execution through ACL creation

CVE-2023-1250

Description

Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), OTRS AG ((OTRS)) Community Edition (ACL modules) allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names This issue affects OTRS: from 7.0.X before 7.0.42, from 8.0.X before 8.0.31; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Range: >=6.0.1, <=6.0.34
  • OTRS/Otrsllm-fuzzy2 versions
    >=7.0.0, <7.0.42; >=8.0.0, <8.0.31+ 1 more
    • (no CPE)range: >=7.0.0, <7.0.42; >=8.0.0, <8.0.31
    • (no CPE)range: 7.0.x
  • OTRS AG/((OTRS)) Community Editionv5
    Range: 6.0.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.