CVE-2016-5843
PUBLISHED
CVSS 9.4 CRITICAL
Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters.
EPSS 0.67% · 71.7th percentile
Risk Scores
CVSS v3.0
9.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
EPSS Score
0.67%
71.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| otrs | faq | 2.1.2, 2.0.1, 2.0.2 |
Timeline
- Sep 17, 2016 CVE Published
- Feb 4, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 24, 2023 EPSS Score
- Sep 6, 2023 EPSS Score
- Dec 20, 2023 EPSS Score
- Feb 10, 2024 EPSS Score
- May 25, 2024 EPSS Score
References
- https://www.otrs.com/security-advisory-2016-01-security-update-otrs-faq-package/ url
- 93019 vdb
- https://github.com/OTRS/FAQ/commit/b805703e7b7725d1f3040bb626a4c4dd845ee9e3 url
- https://github.com/OTRS/FAQ/commit/8c9d63bd0297adda760330805c31afc130861557 url
- https://github.com/OTRS/FAQ/commit/3700f75c67f6ed1d39bc213445c6d12a458e1af9 url
- https://nvd.nist.gov/vuln/detail/CVE-2016-5843 advisory
- https://www.otrs.com/security-advisory-2016-01-security-update-otrs-faq-package url