CVE-2016-5843

CRITICAL

9.4

CVSS Severity Score

EPSS Score0.1190%

EPSS Percentile39.39th

PublishedSep 17, 2016

Last ModifiedMay 6, 2026

Vulnerability Description

Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search parameters.

Affected Platforms (CPE)

📦

Otrs

Faq

= 2.0.1

📦

Otrs

Faq

= 2.0.2

📦

Otrs

Faq

= 2.0.3

📦

Otrs

Faq

= 2.0.4

📦

Otrs

Faq

= 2.0.5

📦

Otrs

Faq

= 2.0.6

📦

Otrs

Faq

= 2.0.7

📦

Otrs

Faq

= 2.0.8

📦

Otrs

Faq

= 2.1.0

📦

Otrs

Faq

= 2.1.1

📦

Otrs

Faq

= 2.1.2

📦

Otrs

Faq

= 2.1.3

📦

Otrs

Faq

= 2.1.4

📦

Otrs

Faq

= 2.2.0

📦

Otrs

Faq

= 2.2.1

📦

Otrs

Faq

= 2.2.2

📦

Otrs

Faq

= 2.2.3

📦

Otrs

Faq

= 2.3.0

📦

Otrs

Faq

= 2.3.1

📦

Otrs

Faq

= 2.3.2

📦

Otrs

Faq

= 2.3.3

📦

Otrs

Faq

= 2.3.4

📦

Otrs

Faq

= 4.0.0

📦

Otrs

Faq

= 4.0.1

📦

Otrs

Faq

= 4.0.2

📦

Otrs

Faq

= 4.0.3

📦

Otrs

Faq

= 5.0.0

📦

Otrs

Faq

= 5.0.1

📦

Otrs

Faq

= 5.0.2

📦

Otrs

Faq

= 5.0.3

References & Advisories

🔗 http://www.securityfocus.com/bid/93019

🔗 https://github.com/OTRS/FAQ/commit/3700f75c67f6ed1d39bc213445c6d12a458e1af9

🔗 https://github.com/OTRS/FAQ/commit/8c9d63bd0297adda760330805c31afc130861557

🔗 https://github.com/OTRS/FAQ/commit/b805703e7b7725d1f3040bb626a4c4dd845ee9e3

🔗 https://www.otrs.com/security-advisory-2016-01-security-update-otrs-faq-package/

🔗 http://www.securityfocus.com/bid/93019

🔗 https://github.com/OTRS/FAQ/commit/3700f75c67f6ed1d39bc213445c6d12a458e1af9

🔗 https://github.com/OTRS/FAQ/commit/8c9d63bd0297adda760330805c31afc130861557

Vulnerability Description

Affected Platforms (CPE)

Faq

Faq

Faq

Faq

Faq

Faq

Faq

Faq

Faq

Faq

Faq

Faq

Faq

Faq

Faq

Faq

Faq

Faq

Faq

Faq

Faq

Faq

Faq

Faq

Faq

Faq

Faq

Faq

Faq

Faq

References & Advisories

Related Vulnerabilities