Launchpad.net

CVE 2017-15864

In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password.

See the CVE page on Mitre.org for more details.

References