VYPR
Critical severity9.4NVD Advisory· Published Sep 17, 2016· Updated Jun 17, 2026

CVE-2016-5843

CVE-2016-5843

Description

Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters.

Affected products

31
  • OTRS/Faq31 versions
    cpe:2.3:a:otrs:faq:2.0.1:*:*:*:*:*:*:*+ 30 more
    • cpe:2.3:a:otrs:faq:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:2.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:4.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:4.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:otrs:faq:5.0.3:*:*:*:*:*:*:*
    • (no CPE)range: <2.3.6, <4.0.5, <5.0.5

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.