VYPR
Get started
← All advisories
Critical severity9.4NVD Advisory· Published Sep 17, 2016· Updated May 6, 2026

CVE-2016-5843

CVE-2016-5843

Description

Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters.

Affected products

30
  • OTRS/Faq30 versions
    cpe:2.3:a:otrs:faq:2.0.1:*:*:*:*:*:*:*+ 29 more
    • cpe:2.3:a:otrs:faq:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:4.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:4.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:5.0.3:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.