VDB
GCVE-VVD-MAGEIA-2014-94
GCVE-VVD-MAGEIA-2014-94
Advisory Published
Updated otrs package fixes security vulnerabilities:
In OTRS before 3.2.14, an attacker that managed to take over the session of a
logged in customer could create tickets and/or send follow-ups to existing
tickets due to missing challenge token checks (CVE-2014-1694).
In OTRS before 3.2.14, an attacker with a valid customer or agent login could
inject SQL in the ticket search URL (CVE-2014-1471).
The update also adds a missing dependency which prevented database creation
during web based installation.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | assaultcube | 0 (affected), 1.2.0.2-1.mga4 (unaffected) | — |
| Mageia | otrs | 0 (affected), 3.2.14-1.mga3 (unaffected), 0 (affected), 3.2.14-1.mga3 (unaffected) | — |
| Mageia | otrs | 0 (affected), 3.2.14-1.mga4 (unaffected), 0 (affected), 3.2.14-1.mga4 (unaffected) | — |
References
Browse GCVE Records
72,664 records in the GCVE database · Updated July 15, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.