CVE-2025-24388 – “OTRS Parameter Injection Vulnerability”

June 16, 2025

CVE ID : CVE-2025-24388

Published : June 16, 2025, 12:15 p.m. | 2 hours, 5 minutes ago

Description : A vulnerability in the OTRS Admin Interface and Agent Interface (versions before OTRS 8) allow parameter injection due to for an autheniticated agent or admin user.

This issue affects:

* OTRS 7.0.X

* OTRS 8.0.X
* OTRS 2023.X
* OTRS 2024.X
* OTRS 2025.X

* ((OTRS)) Community Edition: 6.0.x

Products based on the ((OTRS)) Community Edition also very likely to be affected

Severity: 3.8 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6121 – D-Link DIR-632 HTTP POST Request Handler Stack-Based Buffer Overflow

Next Article CVE-2025-6119 – Open Asset Import Library Assimp Use After Free Vulnerability

Highlights

CVE-2025-46828 – WeGIA Web Manager SQL Injection Vulnerability

May 7, 2025

CVE ID : CVE-2025-46828

Published : May 7, 2025, 6:15 p.m. | 1 hour, 20 minutes ago

Description : WeGIA is a web manager for charitable institutions. An unauthenticated SQL Injection vulnerability was identified in versions up to and including 3.3.0 in the endpoint `/html/socio/sistema/get_socios.php`, specifically in the query parameter. This issue allows attackers to inject and execute arbitrary SQL statements against the application’s underlying database. As a result, it may lead to data exfiltration, authentication bypass, or complete database compromise. Version 3.3.1 fixes the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

Finally, a sleek gaming laptop I can take to the office (without sacrificing power)

These jobs face the highest risk of AI takeover, according to Microsoft

Apple’s tariff costs and iPhone sales are soaring – how long until device prices are too?

5 ways to successfully integrate AI agents into your workplace

Enhancing Laravel Queries with Reusable Scope Patterns

Enhancing Laravel Queries with Reusable Scope Patterns

Everything We Know About Livewire 4

Everything We Know About Livewire 4

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

YouTube wants to use AI to treat “teens as teens and adults as adults” — with the most age-appropriate experiences and protections

Sam Altman is afraid of OpenAI’s GPT-5 creation — “The Manhattan Project feels very fast, like there are no adults in the room”

9 new features that arrived on the Windows 11 Insider Program during the second half of July 2025

CVE-2025-24388 – “OTRS Parameter Injection Vulnerability”

This month in security with Tony Anscombe – July 2025 edition

WordPress AI Engine Plugin Bug Allows Remote Code Execution – Update Now

CVE-2025-53891 – Apache Time-Line File Upload Vulnerability (Remote File Inclusion/DoS)

Microsoft mystery folder fix might need a fix of its own

Rilasciato Hyprland 0.50: Un Compositore Wayland con Nuove Funzionalità e Miglioramenti

CISA Adds ThreeVulnerabilities to KEV Catalog

CVE-2025-46828 – WeGIA Web Manager SQL Injection Vulnerability

Apple Backports Zero-Day Patches to Older Devices in Latest Security Update

CVE-2025-5640 – “PX4-Autopilot MavlinkReceiver Stack-Based Buffer Overflow Vulnerability”

Meta Rejects EU’s AI Code, Warns It Could Hurt Innovation

CVE-2025-24388 – “OTRS Parameter Injection Vulnerability”

Related Posts