Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-5843

Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters.

Published

2016-09-17T02:59:00.147

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 9.4 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

8.5

Weaknesses

Type: Primary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	otrs	faq	2.0.1	Yes
Application	otrs	faq	2.0.2	Yes
Application	otrs	faq	2.0.3	Yes
Application	otrs	faq	2.0.4	Yes
Application	otrs	faq	2.0.5	Yes
Application	otrs	faq	2.0.6	Yes
Application	otrs	faq	2.0.7	Yes
Application	otrs	faq	2.0.8	Yes
Application	otrs	faq	2.1.0	Yes
Application	otrs	faq	2.1.1	Yes
Application	otrs	faq	2.1.2	Yes
Application	otrs	faq	2.1.3	Yes
Application	otrs	faq	2.1.4	Yes
Application	otrs	faq	2.2.0	Yes
Application	otrs	faq	2.2.1	Yes
Application	otrs	faq	2.2.2	Yes
Application	otrs	faq	2.2.3	Yes
Application	otrs	faq	2.3.0	Yes
Application	otrs	faq	2.3.1	Yes
Application	otrs	faq	2.3.2	Yes
Application	otrs	faq	2.3.3	Yes
Application	otrs	faq	2.3.4	Yes
Application	otrs	faq	4.0.0	Yes
Application	otrs	faq	4.0.1	Yes
Application	otrs	faq	4.0.2	Yes
Application	otrs	faq	4.0.3	Yes
Application	otrs	faq	5.0.0	Yes
Application	otrs	faq	5.0.1	Yes
Application	otrs	faq	5.0.2	Yes
Application	otrs	faq	5.0.3	Yes

References

http://www.securityfocus.com/bid/93019 ([email protected])
https://github.com/OTRS/FAQ/commit/3700f75c67f6ed1d39bc213445c6d12a458e1af9 Issue Tracking, Patch ([email protected])
https://github.com/OTRS/FAQ/commit/8c9d63bd0297adda760330805c31afc130861557 Issue Tracking, Patch ([email protected])
https://github.com/OTRS/FAQ/commit/b805703e7b7725d1f3040bb626a4c4dd845ee9e3 Issue Tracking, Patch ([email protected])
https://www.otrs.com/security-advisory-2016-01-security-update-otrs-faq-package/ Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/93019 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/OTRS/FAQ/commit/3700f75c67f6ed1d39bc213445c6d12a458e1af9 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/OTRS/FAQ/commit/8c9d63bd0297adda760330805c31afc130861557 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/OTRS/FAQ/commit/b805703e7b7725d1f3040bb626a4c4dd845ee9e3 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://www.otrs.com/security-advisory-2016-01-security-update-otrs-faq-package/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)