CVE-2016-5843

Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters.

Published: Sep 17, 2016
Updated: Apr 13, 2023
CVE: CVE-2016-5843
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.4
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

CVSS v2:

Severity: High
Score: 9
AV:N/AC:L/Au:N/C:C/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
otrs / faq	4.0.1	4.0.1.x
otrs / faq	2.0.3	2.0.3.x
otrs / faq	2.0.6	2.0.6.x
otrs / faq	2.3.4	2.3.4.x
otrs / faq	2.1.2	2.1.2.x
otrs / faq	5.0.2	5.0.2.x
otrs / faq	2.1.1	2.1.1.x
otrs / faq	2.1.4	2.1.4.x
otrs / faq	2.2.1	2.2.1.x
otrs / faq	2.2.3	2.2.3.x
otrs / faq	5.0.0	5.0.0.x
otrs / faq	2.1.3	2.1.3.x
otrs / faq	2.0.4	2.0.4.x
otrs / faq	2.0.5	2.0.5.x
otrs / faq	4.0.3	4.0.3.x
otrs / faq	2.2.2	2.2.2.x
otrs / faq	2.3.3	2.3.3.x
otrs / faq	2.3.1	2.3.1.x
otrs / faq	2.2.0	2.2.0.x
otrs / faq	4.0.0	4.0.0.x
otrs / faq	2.3.2	2.3.2.x
otrs / faq	5.0.3	5.0.3.x
otrs / faq	2.0.8	2.0.8.x
otrs / faq	2.3.0	2.3.0.x
otrs / faq	5.0.1	5.0.1.x
otrs / faq	2.0.1	2.0.1.x
otrs / faq	2.1.0	2.1.0.x
otrs / faq	4.0.2	4.0.2.x
otrs / faq	2.0.7	2.0.7.x
otrs / faq	2.0.2	2.0.2.x

Vulnerability Database

289,697

CVE-2016-5843